Infected by Gozi 2; my provider informed me


  • This topic is locked
22 replies to this topic

#1 Bie76

Bie76

  • Members
  • 15 posts

Posted 11 December 2014 - 02:06 PM

Good day,

 

Today I received a letter from my provider stating that a computer at my IP address is infected by the trojan "gozi2". If I do not have it removed by their next check they will block my access... When I google "gozi2" several sites give an error, which is described as a symptom in the letter... Additionally my USB ports haven't been working and when I "ctrl+alt+delete" a limited window opens (see attached picture), for a while now (don't know specific). Also clicking the download DDS button on your site did not prompt a download, I was just redirected to your general download area. So I googled it and downloaded (didn't post).

On my laptop I have Avira antivirus and ZoneAlarm firewall installed. Both report being up to date, although I remember not being able to do a manual update of Avira, after the automatic update reported failure, a couple of months ago.

 

Hope you can help, thank you in advance, it is much appreciated! Greetz

 

-----------------------------------------------------------------------------------

Attached File: attach.txt (4.72KB)
Attached File: picture of taskmanager.doc (44.5KB)

 

dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.67.2
Run by Rb at 19:31:18 on 2014-12-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.2937.1485 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\PROGRAM FILES (X86)\CHECKPOINT\ZONEALARM\VSMON.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
C:\PROGRAM FILES (X86)\SKYPE\TOOLBARS\AUTOUPDATE\SKYPEC2CAUTOUPDATESVC.EXE
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVC.EXE
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\SYSTEM32\TASKHOST.EXE
C:\Windows\system32\Dwm.exe
C:\WINDOWS\EXPLORER.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES (X86)\TOSHIBA\TOSHIBA WEB CAMERA APPLICATION\TWEBCAMERA.EXE
C:\PROGRAM FILES (X86)\CHECKPOINT\ZONEALARM\ZATRAY.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ARM\1.0\ADOBEARM.EXE
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\CONCENTR.EXE
C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
C:\PROGRAM FILES (X86)\CITRIX\ICA CLIENT\WFCRUN32.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\PROGRAM FILES\TOSHIBA\TOSHIBA HDD SSD ALERT\TOSSMARTSRV.EXE
C:\PROGRAM FILES\TOSHIBA\TOSHIBA HDD SSD ALERT\TOSSENOTIFY.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUCHECK.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
C:\PROGRAM FILES (X86)\REAL\REALPLAYER\UPDATE\REALSCHED.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
C:\WINDOWS\SYSTEM32\CSCRIPT.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://ssl.bkg.nl/vpn/index.html
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit = userinit.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mRun: [NPSStartup] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 212.54.40.25 212.54.44.54
TCP: Interfaces\{236BCB2C-1E4B-40F7-91E8-9D23AFD1697A} : DHCPNameServer = 212.54.40.25 212.54.44.54
TCP: Interfaces\{236BCB2C-1E4B-40F7-91E8-9D23AFD1697A}\3596475636F6D6934333548383 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A0DE28C5-2603-4AE5-AE66-AB71E95E3365} : DHCPNameServer = 212.54.40.25 212.54.35.25
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
x64-Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
x64-Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robbert\AppData\Roaming\Mozilla\Firefox\Profiles\ibovpfe8.default\
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?prt=mp3tubetbe&Keywords=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?prt=mp3tubetbe&Keywords=
FF - user.js: keyword.enabled - 1
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112400690373183-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=04ddc06d00000000000088252c759705&q=
FF - user.js: extensions.zonealarm.id - 04ddc06d00000000000088252c759705
FF - user.js: extensions.zonealarm.instlDay - 15430
FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.322:03:13
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1600
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN112400690373183-1600
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-5-3 28600]
R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-5-3 432888]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-5-3 432888]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-5-3 119272]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-10-4 1811456]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2012-3-31 51496]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-3-31 1148632]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2013-5-20 20592]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-10-4 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-21 413800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2010-10-4 932384]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-24 136704]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2010-11-26 20480]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-20 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-4 232992]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2010-1-6 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2011-7-27 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-20 57856]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-24 1255736]
.
=============== Created Last 30 ================
.
2014-12-10 18:08:32    --------    d-----w-    C:\Windows\System32\appraiser
2014-12-10 17:53:37    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
2014-12-10 17:53:36    4121600    ----a-w-    C:\Windows\System32\mf.dll
2014-12-10 01:18:59    10949120    ----a-w-    C:\Program Files\Internet Explorer\F12Resources.dll
2014-12-10 01:18:21    830976    ----a-w-    C:\Windows\System32\appraiser.dll
2014-12-10 01:18:21    1232040    ----a-w-    C:\Windows\System32\aitstatic.exe
2014-12-10 01:18:20    741376    ----a-w-    C:\Windows\System32\invagent.dll
2014-12-10 01:18:20    192000    ----a-w-    C:\Windows\System32\aepic.dll
2014-12-10 01:18:20    1083392    ----a-w-    C:\Windows\System32\aeinv.dll
2014-12-10 01:18:19    413184    ----a-w-    C:\Windows\System32\generaltel.dll
2014-12-10 01:18:19    396800    ----a-w-    C:\Windows\System32\devinv.dll
2014-12-10 01:18:18    227328    ----a-w-    C:\Windows\System32\aepdu.dll
2014-12-10 01:18:01    1480192    ----a-w-    C:\Windows\System32\crypt32.dll
2014-12-10 01:18:00    1174528    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2014-12-10 01:15:27    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-12-10 01:15:27    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-12-10 00:36:01    11632448    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3797400-87BB-47BC-ABE2-B4784DB6D7D1}\mpengine.dll
2014-12-03 19:58:30    220784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-11-23 09:31:34    --------    d-----w-    C:\Windows\rescache
2014-11-21 19:49:17    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-11-21 19:49:17    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-11-21 19:49:17    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-11-21 19:49:15    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-11-21 19:49:15    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-11-21 19:46:05    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-11-21 19:46:05    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-11-21 19:46:04    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-11-21 19:46:04    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-11-21 19:46:04    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-11-21 19:46:04    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-11-21 19:46:04    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-11-21 19:46:03    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-11-21 19:45:54    342016    ----a-w-    C:\Windows\System32\schannel.dll
2014-11-21 19:45:52    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-11-21 19:45:51    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-11-21 19:45:51    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-11-21 19:45:49    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-11-21 19:45:48    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-11-21 19:45:48    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-11-21 19:45:47    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-11-21 19:45:47    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-11-21 19:45:47    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-11-21 19:45:46    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-11-21 19:45:46    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-11-21 19:44:17    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-11-21 19:44:17    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-11-21 19:44:15    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-11-21 19:44:05    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-11-21 19:44:04    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-11-21 19:43:11    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-11-21 19:43:11    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M  ====================
.
2014-12-10 21:23:15    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 21:23:15    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-22 03:06:23    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:43    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-11-22 02:35:29    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:55:16    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 01:54:30    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-11 03:09:06    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-11-04 13:30:58    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-30 02:03:43    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-10-30 01:45:43    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
2014-10-14 17:55:39    43064    ----a-w-    C:\Windows\System32\drivers\avnetflt.sys
2014-10-14 17:55:37    119272    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-03 02:12:23    310272    ----a-w-    C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23    2020352    ----a-w-    C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22    346624    ----a-w-    C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22    181248    ----a-w-    C:\Windows\System32\WsmAuto.dll
2014-10-03 02:11:49    266240    ----a-w-    C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03    248832    ----a-w-    C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03    214016    ----a-w-    C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03    145920    ----a-w-    C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03    1177088    ----a-w-    C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:25    198656    ----a-w-    C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 19:33:13.36 ===============
 

 




#2 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • Gender:Male
  • Location:@localhost

Posted 15 December 2014 - 05:33 PM

hi,

 

Your post is a few days old. If you still need help, download and post a FRST log:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. Looks like you can run the 64-bit version.

    Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
    When the tool opens, click Yes to disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

In any case, until we know more, you shouldn't really even use the machine other than to get the download and post it. Make sure it has no internet connectivity when not in use.


How Can I Reduce My Risk to Malware?


#3 Bie76

Bie76
  • Topic Starter

  • Members
  • 15 posts

Posted 16 December 2014 - 01:41 PM

Thank you very much!

I have another laptop on this IP address. Do you want me to open a new post/topic for that device?

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Robbert (administrator) on R_BIEMANS on 16-12-2014 19:16:01
Running from C:\Users\Robbert\DOWNLOADS\Temp
Loaded Profile: Robbert (Available profiles: Robbert)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777296 2012-09-07] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [233472 2008-03-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-09-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {02530171-4e4f-11e0-9365-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {0253017b-4e4f-11e0-9365-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {18407c55-4a3b-11e0-aeac-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {18407c5e-4a3b-11e0-aeac-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {1cf2af25-33a7-11e0-93dd-001e101f21c1} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {3161861e-4ed8-11e0-977a-001e101fe70e} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {4cca8377-3521-11e0-ba7f-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {598dcb17-7f2c-11e0-b60d-88ae1dec93d2} - F:\AutoRun.exe
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {85c8c25a-f716-11df-9bb0-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {85c8c269-f716-11df-9bb0-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {b5b86a3a-4a28-11e0-9228-806e6f6e6963} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {c0f01471-f8aa-11df-b357-fe5c0fa0446c} - F:\SISetup.exe
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {d8206bba-33a3-11e0-bd1a-88252c759705} - F:\AutoRun.exe
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {daecf36f-4b33-11e0-bd8a-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {ec8a0174-f971-11df-90d3-da72a8153a6d} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {ec8a0177-f971-11df-90d3-da72a8153a6d} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {fd09684f-4d52-11e0-911a-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {fd096862-4d52-11e0-911a-88252c759705} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MountPoints2: {fd096885-4d52-11e0-911a-88252c759705} - F:\AutoRun.exe
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://ssl.bkg.nl/vpn/index.html
HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
SearchScopes: HKLM -> DefaultScope {9A1FBF03-AB8B-4FCD-A5EB-542B90C03B43} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9A1FBF03-AB8B-4FCD-A5EB-542B90C03B43} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {74512538-ED82-4909-A748-31BED4C04428} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {74512538-ED82-4909-A748-31BED4C04428} URL = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> DefaultScope {A72CFDF2-E9CE-43BD-8A19-BA04C7ACCF58} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=GGSV5&o=101684&src=crm&q={searchTerms}&locale=nl_US&apn_ptnrs=G4&apn_dtid=YYYYYYYYTR&apn_uid=32B0138C-F7D5-4F15-AD7A-2F252DE4EFCE&apn_sauid=613074C1-D09C-4A96-BC7A-EB36D74F0DDC
SearchScopes: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> {1BB5BBDC-F19D-40F3-B673-CCC99A526CAE} URL = http://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_results&prt=mp3tubetbe&Keywords={searchTerms}&clid=b2d47303599243e4936e64afad0c50bc
SearchScopes: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> {74512538-ED82-4909-A748-31BED4C04428} URL =
SearchScopes: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> {8D3AB495-3D5A-4013-BCE8-8F42DEF3483B} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> {A72CFDF2-E9CE-43BD-8A19-BA04C7ACCF58} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> {D1D626DA-37A5-450C-A35C-B703C6439508} URL = http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> No Name - {30F7565F-7C0C-4119-8421-CC7816CCA20E} -  No File
Toolbar: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> No Name - {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -  No File
Toolbar: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3974187381-1829032915-3856777887-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.44.54

FireFox:
========
FF ProfilePath: C:\Users\Robbert\AppData\Roaming\Mozilla\Firefox\Profiles\ibovpfe8.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: chrome://fastdial/content/fastdial.html
FF Keyword.URL: hxxp://mp3tubetoolbar.com/?prt=mp3tubetbe&Keywords=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3974187381-1829032915-3856777887-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF user.js: detected! => C:\Users\Robbert\AppData\Roaming\Mozilla\Firefox\Profiles\ibovpfe8.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: United States English Spellchecker - C:\Users\Robbert\AppData\Roaming\Mozilla\Firefox\Profiles\ibovpfe8.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-11-11]
FF Extension: Fast Dial - C:\Users\Robbert\AppData\Roaming\Mozilla\Firefox\Profiles\ibovpfe8.default\Extensions\fastdial@telega.phpnet.us [2014-10-06]
FF Extension: DivX Web Player - C:\Users\Robbert\AppData\Roaming\Mozilla\Firefox\Profiles\ibovpfe8.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-09-15]
FF Extension: Adblock Plus - C:\Users\Robbert\AppData\Roaming\Mozilla\Firefox\Profiles\ibovpfe8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Robbert\AppData\Roaming\IDM\idmmzcc3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-26] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148632 2012-03-27] (Crawler.com)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-17] (Avira Operations GmbH & Co. KG)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2012-03-31] (Windows ® Win 7 DDK provider)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]
S3 RkHit; \??\C:\Windows\system32\drivers\RKHit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 19:13 - 2014-12-16 19:16 - 00000000 ____D () C:\FRST
2014-12-16 19:03 - 2014-12-16 19:03 - 00000000 __SHD () C:\Users\Robbert\AppData\Local\EmieBrowserModeList
2014-12-13 20:19 - 2014-12-13 20:19 - 00003216 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3974187381-1829032915-3856777887-1000
2014-12-13 20:18 - 2014-12-13 20:18 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3974187381-1829032915-3856777887-1000
2014-12-11 19:33 - 2014-12-11 19:44 - 00027675 _____ () C:\Users\Robbert\Desktop\dds.txt
2014-12-11 19:33 - 2014-12-11 19:44 - 00004829 _____ () C:\Users\Robbert\Desktop\attach.txt
2014-12-11 19:30 - 2014-12-11 19:30 - 00688992 ____R (Swearware) C:\Users\Robbert\Desktop\dds.scr
2014-12-10 19:51 - 2014-12-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 19:08 - 2014-12-10 19:08 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 18:53 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 18:53 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 02:19 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 02:19 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 02:19 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 02:19 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 02:19 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 02:19 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 02:19 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 02:19 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 02:19 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 02:19 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 02:19 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 02:19 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 02:19 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 02:19 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 02:19 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 02:19 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 02:19 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 02:19 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 02:19 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 02:19 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 02:19 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 02:19 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 02:19 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 02:19 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 02:19 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 02:19 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 02:19 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 02:19 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 02:19 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 02:19 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 02:19 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 02:19 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 02:19 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 02:19 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 02:19 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 02:19 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 02:19 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 02:19 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 02:19 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 02:19 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 02:19 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 02:19 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 02:19 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 02:19 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 02:19 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 02:19 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 02:19 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 02:19 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 02:19 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 02:19 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 02:19 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 02:19 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 02:19 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 02:19 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 02:19 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 02:19 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 02:18 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 02:18 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 02:18 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 02:18 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 02:18 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 02:18 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 02:18 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 02:18 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 02:17 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 02:17 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 02:17 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 02:17 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 02:17 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 02:17 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 02:17 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 02:17 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 02:17 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 02:17 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 02:17 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 02:17 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 02:17 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 02:17 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 02:17 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 02:15 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 02:15 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-23 10:31 - 2014-12-14 21:43 - 00000000 ____D () C:\Windows\rescache
2014-11-22 06:20 - 2014-12-13 20:17 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Robbert.job
2014-11-22 06:20 - 2014-11-22 06:20 - 00003622 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Robbert
2014-11-22 06:20 - 2014-11-22 06:20 - 00002682 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Robbert
2014-11-22 06:19 - 2014-12-16 19:05 - 00002978 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Robbert
2014-11-22 06:19 - 2014-12-16 19:05 - 00002974 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Robbert
2014-11-22 06:19 - 2014-12-16 19:05 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Robbert.job
2014-11-22 06:19 - 2014-12-16 19:05 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Robbert.job
2014-11-21 20:49 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-21 20:49 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-21 20:49 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-21 20:49 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-21 20:49 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-21 20:47 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 20:47 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-21 20:47 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-21 20:47 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-21 20:47 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-21 20:47 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-21 20:47 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-21 20:47 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-21 20:47 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-21 20:47 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-21 20:47 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-21 20:47 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-21 20:47 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-21 20:47 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-21 20:46 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-21 20:46 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-21 20:46 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-21 20:46 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-21 20:46 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-21 20:46 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-21 20:46 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-21 20:46 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-21 20:45 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-21 20:45 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-21 20:45 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-21 20:45 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-21 20:45 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-21 20:45 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-21 20:45 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-21 20:45 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-21 20:45 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-21 20:45 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-21 20:45 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-21 20:45 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-21 20:44 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-21 20:44 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-21 20:44 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-21 20:44 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-21 20:44 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-21 20:43 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-21 20:43 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 19:16 - 2012-03-31 17:24 - 00000000 ____D () C:\Users\Robbert\Downloads\Temp
2014-12-16 19:14 - 2010-10-04 14:31 - 01570443 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 19:01 - 2009-07-14 10:16 - 00768128 _____ () C:\Windows\system32\perfh013.dat
2014-12-16 19:01 - 2009-07-14 10:16 - 00163062 _____ () C:\Windows\system32\perfc013.dat
2014-12-16 19:01 - 2009-07-14 06:13 - 01732574 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 18:58 - 2012-03-28 21:41 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 18:58 - 2011-05-12 14:17 - 00000470 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-12-16 18:58 - 2011-05-12 14:16 - 00000444 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-12-14 18:02 - 2012-05-15 04:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-14 18:01 - 2012-05-15 04:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 18:01 - 2012-05-15 04:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-14 15:28 - 2014-05-19 22:40 - 00000000 ____D () C:\Users\Robbert\Documents\5. deruijter
2014-12-13 20:19 - 2014-09-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-12-13 20:19 - 2012-04-25 21:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-13 20:18 - 2012-03-31 21:08 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-12-12 18:25 - 2009-07-14 05:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-12 18:25 - 2009-07-14 05:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-12 18:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 18:18 - 2009-07-14 05:51 - 00129895 _____ () C:\Windows\setupact.log
2014-12-10 22:23 - 2012-03-28 21:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 22:23 - 2012-03-28 21:41 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 22:23 - 2011-06-01 15:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 19:08 - 2014-05-06 17:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 19:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 19:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 19:06 - 2013-08-15 19:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 18:55 - 2010-11-27 14:27 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-06 09:07 - 2010-10-04 14:45 - 02073566 _____ () C:\Windows\PFRO.log
2014-11-24 14:04 - 2010-11-25 06:11 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 22:40 - 2009-07-14 05:45 - 00288128 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Robbert\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\Robbert\AppData\Local\Temp\AskSLib.dll
C:\Users\Robbert\AppData\Local\Temp\avgnt.exe
C:\Users\Robbert\AppData\Local\Temp\ConfigurationWizard.exe
C:\Users\Robbert\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Robbert\AppData\Local\Temp\GdiPlus.dll
C:\Users\Robbert\AppData\Local\Temp\hcuninstaller_20140907_211439_8164.exe
C:\Users\Robbert\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\Robbert\AppData\Local\Temp\install_flashplayer11x32_mssd_aih_1.exe
C:\Users\Robbert\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Robbert\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Robbert\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Robbert\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Robbert\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Robbert\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Robbert\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Robbert\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Robbert\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Robbert\AppData\Local\Temp\lowproc.exe
C:\Users\Robbert\AppData\Local\Temp\muzaf1.dll
C:\Users\Robbert\AppData\Local\Temp\muzapp.dll
C:\Users\Robbert\AppData\Local\Temp\muzapp.exe
C:\Users\Robbert\AppData\Local\Temp\muzwmts.dll
C:\Users\Robbert\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\Robbert\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\Robbert\AppData\Local\Temp\ResetDevice.exe
C:\Users\Robbert\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Robbert\AppData\Local\Temp\stubhelper.dll
C:\Users\Robbert\AppData\Local\Temp\Uninstall.exe
C:\Users\Robbert\AppData\Local\Temp\utt2464.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-06 09:50

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Robbert at 2014-12-16 19:17:55
Running from C:\Users\Robbert\DOWNLOADS\Temp
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advanced Dungeons & Dragons Core Rules 2.0 Expansion (HKLM-x32\...\AD&D Core Rules 2.0 Expansion) (Version:  - )
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{AE4025FC-99DA-42AB-84CF-AD246C13FD1A}) (Version: 28.12.1.16851 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.2.5149 - Thomson Reuters)
FreeUndelete (HKLM-x32\...\FreeUndelete) (Version:  - )
Happy Cloud Client (HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version:  - GOG.com)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.6.0 - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 nl) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 nl)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3974187381-1829032915-3856777887-1000\...\MyFreeCodec) (Version:  - )
Nero 9 Essentials (HKLM-x32\...\{3292a694-3a9b-4638-8a6b-d0289a2c6756}) (Version:  - Nero AG)
Nero BackItUp (HKLM-x32\...\{0420F95C-11FF-4E02-B967-6CC22B188F9F}) (Version: 5.2.21001 - Nero AG)
Nero BackItUp and Burn (HKLM-x32\...\{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}) (Version: 1.2.0030 - Nero AG)
Nero Express (HKLM-x32\...\{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}) (Version: 9.6.16000 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version:  - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.69 - Crawler.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.01.00 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.27C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD-waarschuwing (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.11 - TOSHIBA CORPORATION)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Windows Live - Hulpprogramma voor uploaden (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{CD19EDD9-1632-4002-9212-7478E4BA0423}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
ZoneAlarm Firewall (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.780.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-12-2014 17:00:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B4182DB-C405-4BBC-9359-9C45D7651FDD} - System32\Tasks\{35A24A0B-994F-4593-9E4A-3C30D778A114} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe" -c -runfromtemp -l0x0413
Task: {2DA70F37-0C60-4F8A-84F6-E7F8D2FEE7C1} - System32\Tasks\{69DECFA3-2DF2-4374-927C-2FF4589A1292} => C:\Program Files (x86)\Black Isle\Baldur's Gate\Baldur.exe
Task: {3038153A-4EDC-4E21-9CD2-A4EB18BA025C} - System32\Tasks\ReclaimerUpdateXML_Robbert => C:\Users\Robbert\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-21] (RealNetworks, Inc.)
Task: {36498204-9AAB-4E10-A9CE-9A561F3C39AC} - System32\Tasks\{6CCAC336-C9D6-4C87-BD52-35BC8973BC7C} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriver.exe"
Task: {43F8E265-4792-474E-8B8C-EBE2C90347E9} - System32\Tasks\ReclaimerUpdateFiles_Robbert => C:\Users\Robbert\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-21] (RealNetworks, Inc.)
Task: {5015918A-F0D1-453B-986C-7ACE3082ACE9} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
Task: {51B4CB55-8AB2-4973-81CB-C349CAC6977D} - System32\Tasks\{0464C34B-D08A-4617-B8F1-72910C0A978C} => pcalua.exe -a C:\Users\Robbert\Downloads\Programs\northern_lights_screensaver.exe -d C:\Users\Robbert\AppData\Roaming\IDM
Task: {52B6D2B3-4E12-43C5-82CA-C8B2FBAD0FCB} - System32\Tasks\{AA0FF1F8-CAF5-4790-9C65-6DAB8BCB251F} => pcalua.exe -a "E:\三星 CDMA系列\ALL SAMSUNG CDMA 1X\Usb_driver\SSCDUninstall.exe" -d "E:\三星 CDMA系列\ALL SAMSUNG CDMA 1X\Usb_driver"
Task: {55CA7E46-4296-4E5F-BBEE-67099D43033B} - System32\Tasks\{8F0247DB-0752-4089-B6E5-8ECFB9B66FD7} => C:\Program Files (x86)\Black Isle\Baldur's Gate\Baldur.exe
Task: {6493AA0A-AA48-4B90-8892-0DF0515B8F4E} - System32\Tasks\{26A8681C-11C8-477E-AAB5-F333931D773B} => pcalua.exe -a E:\setup.exe -d E:\
Task: {6BD322B4-F6FD-4CC6-83D9-792C73FCB007} - System32\Tasks\{A72B381F-C9B4-4195-8708-4A129BB9D9B2} => pcalua.exe -a C:\Users\Robbert\Downloads\Temp\Diablo-III-Setup-enGB.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {6E1216CC-5DD6-4D4D-8FEC-F064B1774617} - System32\Tasks\{43052C8D-FE38-4B11-84B5-0F9C3A564818} => C:\Program Files (x86)\Black Isle\Baldur's Gate\Baldur.exe
Task: {7622B02B-BA32-4971-A969-1D63AB2AE0F2} - System32\Tasks\{9FF0DAAF-01DF-4FDA-8555-F69873DCB529} => C:\Program Files (x86)\Black Isle\Baldur's Gate\Baldur.exe
Task: {7F722ACF-ECF6-45F3-A895-401FBD88FC63} - System32\Tasks\{8C254FA8-76B8-4930-9C84-77482C521E8E} => pcalua.exe -a C:\Users\Robbert\Downloads\BGTalesDX8English.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {8489DB23-9DBB-46E7-B6E9-156CD5D0C828} - System32\Tasks\{002807E5-4F69-4B86-BD0F-F8426DF69F3F} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {8D2E398B-3F0E-4CE7-977C-B027882770AC} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {904A5786-FEEE-4F7F-9D52-513F1EA181DA} - System32\Tasks\{8D31AF3D-0B90-4CE6-BF54-A459283259B2} => C:\Program Files (x86)\Black Isle\Baldur's Gate\Baldur.exe
Task: {93FFBAF7-79D8-4CA2-9BAD-0656C1BC4405} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3974187381-1829032915-3856777887-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A92F5184-7B48-4DD3-AA0A-36FC59D2BC3A} - System32\Tasks\{8E6571AC-688E-40E9-8465-C20E0199ABDE} => C:\Program Files (x86)\Black Isle\Baldur's Gate\Baldur.exe
Task: {ACE688EF-9780-4E18-B87A-914723ECF784} - System32\Tasks\{BA2C69DC-AA91-422E-B165-1A55D43A0C1F} => pcalua.exe -a C:\Users\Robbert\Desktop\New_PC_Studio_1.5.1.10064_2.exe -d C:\Users\Robbert\Desktop
Task: {B09BB2E8-0BF8-422D-84FE-04F17F897A78} - System32\Tasks\RNUpgradeHelperLogonPrompt_Robbert => C:\Users\Robbert\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-21] (RealNetworks, Inc.)
Task: {B1C659D4-3E0D-44CC-A2B8-85FAFDF547CE} - System32\Tasks\{A4EE68E3-25CF-4726-8496-5E3B9BDDB3FB} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.1.0.112.259&amp;LastError=12002
Task: {B42B580A-C586-4C43-8F48-99BE739F0ED4} - System32\Tasks\RNUpgradeHelperResumePrompt_Robbert => C:\Users\Robbert\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-21] (RealNetworks, Inc.)
Task: {B509D19C-B718-49DB-9013-E7D80CA004D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {B53C9D08-415C-4983-916E-A89C1A0F737B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B7637C64-E3BB-456D-8153-BF78582B3503} - System32\Tasks\{E2DDD898-F62C-4685-82BD-302D5D059363} => pcalua.exe -a "C:\Program Files\HP\HP LaserJet P1100 Series\Uninstall.exe"
Task: {B99C23D6-2D75-43D2-A07D-64111B964B52} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3974187381-1829032915-3856777887-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CCFB3F17-878B-47EE-BA9B-D96D927B759F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3974187381-1829032915-3856777887-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CEC21AE5-050D-456A-838D-CC758B4E5A6B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3974187381-1829032915-3856777887-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DEDF590B-3999-4525-A610-D19E46D5C210} - System32\Tasks\{82EF5BFD-C045-43DF-8BE2-A6833A101669} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.115/nl/go/help.faq.installer?LastError=1601
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Robbert.job => C:\Users\Robbert\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Robbert.job => C:\Users\Robbert\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Robbert.job => C:\Users\Robbert\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 08:12 - 2010-10-14 09:05 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-12-10 19:51 - 2014-12-10 19:51 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-10 22:23 - 2014-12-10 22:23 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Register Baldur's Gate: Tales of the Sword Coast.lnk
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3974187381-1829032915-3856777887-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3974187381-1829032915-3856777887-1005 - Limited - Enabled)
Gast (S-1-5-21-3974187381-1829032915-3856777887-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3974187381-1829032915-3856777887-1002 - Limited - Enabled)
Robbert (S-1-5-21-3974187381-1829032915-3856777887-1000 - Administrator - Enabled) => C:\Users\Robbert

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2014 07:15:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2 op regel C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/14/2014 09:36:49 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Kan activeringscontext voor 'assemblyIdentity1' niet maken. Fout in manifest of beleidsbestand 'assemblyIdentity2' op regel assemblyIdentity3.
De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR  van kenmerk version in element assemblyIdentity is ongeldig.

Error: (12/14/2014 09:34:09 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1' niet maken. Fout in manifest of beleidsbestand 'WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 op regel WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definitie is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (12/14/2014 09:34:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1' niet maken.
Kan afhankelijke assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error: (12/06/2014 07:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: plugin-container.exe, versie: 33.1.1.5430, tijdstempel: 0x54656826
Naam van module met fout: mozalloc.dll, versie: 33.1.1.5430, tijdstempel: 0x54654321
Uitzonderingscode: 0x80000003
Foutoffset: 0x00001425
Id van proces met fout: 0x13e0
Starttijd van toepassing met fout: 0xplugin-container.exe0
Pad naar toepassing met fout: plugin-container.exe1
Pad naar module met fout: plugin-container.exe2
Rapport-id: plugin-container.exe3

Error: (12/05/2014 03:47:37 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: De back-up is niet geslaagd. Fout: Er is onvoldoende ruimte beschikbaar op dit station om de back-up op te slaan. Maak schijfruimte vrij door oudere back-ups en onnodige items te verwijderen of wijzig uw instellingen voor back-ups. (0x81000005).

Error: (12/03/2014 08:59:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: firefox.exe, versie: 33.1.1.5430, tijdstempel: 0x5412599f
Naam van module met fout: mozjs.dll, versie: 0.0.0.0, tijdstempel: 0x54123e84
Uitzonderingscode: 0x80000003
Foutoffset: 0x0021ad19
Id van proces met fout: 0x14fc
Starttijd van toepassing met fout: 0xfirefox.exe0
Pad naar toepassing met fout: firefox.exe1
Pad naar module met fout: firefox.exe2
Rapport-id: firefox.exe3

Error: (11/22/2014 05:22:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1' niet maken.
Kan afhankelijke assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error: (11/22/2014 05:21:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1' niet maken. Fout in manifest of beleidsbestand 'WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 op regel WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definitie is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (11/22/2014 05:20:29 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Kan activeringscontext voor 'assemblyIdentity1' niet maken. Fout in manifest of beleidsbestand 'assemblyIdentity2' op regel assemblyIdentity3.
De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR  van kenmerk version in element assemblyIdentity is ongeldig.


System errors:
=============
Error: (12/13/2014 08:18:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: De HomeGroup Listener-service is gestopt met de specifieke servicefout %%-2147023143.

Error: (12/10/2014 07:13:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: De HomeGroup Listener-service is gestopt met de specifieke servicefout %%-2147023143.

Error: (12/10/2014 07:05:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (12/08/2014 08:01:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: WwanSvc.

Error: (12/07/2014 08:32:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: De HomeGroup Listener-service is gestopt met de specifieke servicefout %%-2147023143.

Error: (12/07/2014 07:40:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: AntiVirSchedulerService.

Error: (12/06/2014 09:54:34 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Bij de schaduwkopieën van volume C: zijn afgebroken omdat de schaduwkopieopslag niet kan worden uitgebreid vanwege een door de gebruiker opgelegde limiet.

Error: (12/06/2014 09:11:26 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: De HomeGroup Listener-service is gestopt met de specifieke servicefout %%-2147023143.

Error: (12/05/2014 03:23:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: AntiVirSchedulerService.

Error: (12/03/2014 08:30:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: AntiVirSchedulerService.


Microsoft Office Sessions:
=========================
Error: (12/16/2014 07:15:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Robbert\Downloads\Temp\SoftonicDownloader_for_usbtrace.exe

Error: (12/14/2014 09:36:49 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dllc:\program files (x86)\common files\adobe air\Versions\1.0\Adobe AIR.dll3

Error: (12/14/2014 09:34:09 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (12/14/2014 09:34:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (12/06/2014 07:32:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.1.543054656826mozalloc.dll33.1.1.543054654321800000030000142513e001d01182f54b79a6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll401ed16b-7d76-11e4-b228-88ae1dec93d2

Error: (12/05/2014 03:47:37 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Er is onvoldoende ruimte beschikbaar op dit station om de back-up op te slaan. Maak schijfruimte vrij door oudere back-ups en onnodige items te verwijderen of wijzig uw instellingen voor back-ups. (0x81000005)

Error: (12/03/2014 08:59:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe33.1.1.54305412599fmozjs.dll0.0.0.054123e84800000030021ad1914fc01d00f338015e5c1C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\mozjs.dlle35c24ac-7b26-11e4-98ef-88ae1dec93d2

Error: (11/22/2014 05:22:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (11/22/2014 05:21:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (11/22/2014 05:20:29 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
  Date: 2013-09-15 21:01:32.501
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2013-09-14 22:37:03.982
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2013-09-14 19:51:57.309
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2013-09-12 19:01:50.548
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2013-09-12 17:32:38.998
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2013-09-11 21:15:08.288
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2013-09-10 21:27:45.140
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2013-09-09 19:30:40.188
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2013-09-08 21:46:22.352
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2013-09-07 20:04:14.710
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 48%
Total physical RAM: 2936.88 MB
Available physical RAM: 1514.72 MB
Total Pagefile: 5871.95 MB
Available Pagefile: 3518.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:5.58 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4767BFE7)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#4 shelf life

  • Malware Response Team

Posted 16 December 2014 - 06:28 PM

hi,

I have another laptop on this IP address. Do you want me to open a new post/topic for that device?

No, let's stick with this machine for now.

We are going to get three downloads for you to use. The first two will target adware. The last will scan for and remove malware. Let's see what these dig up and we will go from there. I still wouldn't be using the machine on the internet just yet. Not until we run some more tools.

The downloads:

1) Please download adwcleaner from here and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report at restart.  Copy & Paste this report on your next reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

2) Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Shutdown your antivirus to avoid any conflicts.
    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message


3) Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 
    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.


How Can I Reduce My Risk to Malware?


#5 Bie76

  • Topic Starter

Posted 19 December 2014 - 05:13 PM

Hi,

Sorry for the delay, but I was working out of town for the last couple of these. These are the logs:

# AdwCleaner v4.105 - Rapport aangemaakt 19/12/2014 op 21:35:51
# Laatste Update 08/12/2014 door Xplode
# Database : 2014-12-16.1 [Live]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : Robbert - R_BIEMANS
# Gestart vanuit : C:\Users\Robbert\Downloads\1. cleaning\AdwCleaner.exe
# Optie : Verwijderen

***** [ Services ] *****

Service Verwijderd : c2cautoupdatesvc
Service Verwijderd : c2cpnrsvc

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\Users\Robbert\AppData\Local\Temp\mt_ffx
Map Verwijderd : C:\Users\Robbert\AppData\LocalLow\Check Point Software Technologies LTD
Map Verwijderd : C:\Users\Robbert\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Bestand Verwijderd : C:\Users\Robbert\AppData\Local\Temp\Uninstall.exe
Bestand Verwijderd : C:\Users\Robbert\AppData\Roaming\Mozilla\Firefox\Profiles\ibovpfe8.default\user.js

***** [ Taken ] *****


***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Waarde Verwijderd : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{46897C77-E7A6-4C33-BFFB-E9C2E2718942}]
Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Sleutel Verwijderd : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1BB5BBDC-F19D-40F3-B673-CCC99A526CAE}
Sleutel Verwijderd : HKCU\Software\Headlight
Sleutel Verwijderd : HKCU\Software\Myfree Codec
Sleutel Verwijderd : HKCU\Software\ParetoLogic
Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Mp3Tube
Sleutel Verwijderd : HKLM\SOFTWARE\Myfree Codec
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 nl)

[ibovpfe8.default\prefs.js] - Regel verwijderd : user_pref("browser.search.defaultengine", "Ask.com");
[ibovpfe8.default\prefs.js] - Regel verwijderd : user_pref("browser.search.order.1", "Ask.com");
[ibovpfe8.default\prefs.js] - Regel verwijderd : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,fastdial%40telega.phpnet.us:4.12,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5");
[ibovpfe8.default\prefs.js] - Regel verwijderd : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112400690373183-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=04ddc06d00000000000088252c7[...]
[ibovpfe8.default\prefs.js] - Regel verwijderd : user_pref("extensions.zonealarm.tlbrsrchurl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112400690373183-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=04ddc06d00000000000088252c7[...]
[ibovpfe8.default\prefs.js] - Regel verwijderd : user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?prt=mp3tubetbe&Keywords=");

*************************

AdwCleaner[R0].txt - [5422 octets] - [19/12/2014 21:23:35]
AdwCleaner[R1].txt - [5482 octets] - [19/12/2014 21:31:09]
AdwCleaner[S0].txt - [4958 octets] - [19/12/2014 21:35:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5018 octets] ##########

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Robbert on vr 19-12-2014 at 21:44:38.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Robbert\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Robbert\AppData\Roaming\mozilla\firefox\profiles\ibovpfe8.default\prefs.js

user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112400690373183-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=04
user_pref("extensions.zonealarm.tlbrsrchurl", "hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112400690373183-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=04
user_pref("keyword.URL", "hxxp://mp3tubetoolbar.com/?prt=mp3tubetbe&Keywords=");
Emptied folder: C:\Users\Robbert\AppData\Roaming\mozilla\firefox\profiles\ibovpfe8.default\minidumps [115 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 19-12-2014 at 21:51:07.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19-12-2014
Scan Time: 22:35:46
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.09.19.05
Rootkit Database: v2014.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Robbert

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323072
Time Elapsed: 22 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.BundleInstaller.DW, C:\Users\Robbert\AppData\Local\Temp\D0MN3Vca.exe.part, Quarantined, [3ddf6f80c8b3c274a6898f86b74ace32],

Physical Sectors: 0
(No malicious items detected)


(end)



#6 shelf life

shelf life


Posted 19 December 2014 - 09:50 PM

hi,

 

Looks like some adware type stuff was removed, no trojans though. Let's get another download that's specific for rootkits:

 

Download Malwarebytes Anti-Rootkit to your desktop.  BETA

http://www.malwarebytes.org/antirootkit/

    Double-click the icon to start the tool.
    It will ask you where to extract it, then it will start.
    Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    Click in the introduction screen "next" to continue.
    Click in the following screen "Update" to obtain the latest malware definitions.
    Once the update is complete select "Next" and click "Scan".
    When the scan is finished and no malware has been found select "Exit".
    If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    Open the MBAR folder and paste the content of the following files in your next reply:

    "mbar-log-{date} (xx-xx-xx).txt"
    "system-log.txt"


How Can I Reduce My Risk to Malware?


#7 Bie76

Bie76

Posted 21 December 2014 - 09:48 AM

Hi,

 

This is what I did:

Downloaded the program. When installed it opened and I got the message in the attachment. I pressed yes. Then the program continued and I updated the program. After this I disconnected internet and switched off my virus scanner. Then I started scanning “drivers” “sectors” and “system”. These are the logs:

 

MBAR LOG:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Robbert :: R_BIEMANS [administrator]

20-12-2014 17:05:43
mbar-log-2014-12-20 (17-05-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 339728
Time elapsed: 25 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

SYSTEM LOG

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 3079544832, free: 284819456

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 3079544832, free: 1073643520

=======================================



Edited by Bie76, 21 December 2014 - 09:49 AM.


#8 shelf life

shelf life


Posted 21 December 2014 - 10:10 AM

I can't open that rootkitwarniong.doc you saved. I don't have MS Word installed. Can you find the log and just copy/paste it in your reply?

 


How Can I Reduce My Risk to Malware?


#9 Bie76

Bie76

Posted 22 December 2014 - 01:02 PM

This is what the warning stated:

 

----------------------------------------------------------------------------------

Probable rootkit activity detected

--------------

Registry value "AppInit_DLLs" has been found, which may be caused by rootkit activity.

Note: Press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again.

Do you want to remove this value and restart the tool?

                                                               YES                          NO

----------------------------------------------------------------------------------



#10 shelf life

shelf life


Posted 23 December 2014 - 09:30 AM

That's not enough information to determine a rootkit, so you can click "no" if you haven't already. Based on the log looks like you are clean now, no trojans anyway that are showing up. Maybe Avira solved the problem. I think we can remove the tools we used and call it quits.

 


How Can I Reduce My Risk to Malware?
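One way to gather the extra information the reply above says is missing, as an added example that is not part of the original thread or of any tool used in it: a read-only PowerShell check of the AppInit_DLLs mechanism the warning refers to. It assumes the standard registry locations on 64-bit Windows 7 and an elevated 64-bit PowerShell 2.0 or later prompt; the variable and column names are illustrative.

```powershell
# Added example: read-only AppInit_DLLs triage for 64-bit Windows 7.
# Run from an elevated 64-bit PowerShell prompt. Nothing is modified.

$winKey = 'Microsoft\Windows NT\CurrentVersion\Windows'
$views = @(
    @{ Name = '64-bit'; Key = "HKLM:\SOFTWARE\$winKey";             SysDir = "$env:windir\System32" },
    @{ Name = '32-bit'; Key = "HKLM:\SOFTWARE\Wow6432Node\$winKey"; SysDir = "$env:windir\SysWOW64" }
)

$report = foreach ($view in $views) {
    $props = Get-ItemProperty -Path $view.Key -ErrorAction SilentlyContinue
    if (-not $props) { continue }

    # LoadAppInit_DLLs = 1 means the listed DLLs are loaded into every process
    # that loads user32.dll; RequireSignedAppInit_DLLs = 1 restricts that to
    # code-signed DLLs.
    $loadEnabled   = ($props.LoadAppInit_DLLs -eq 1)
    $requireSigned = ($props.RequireSignedAppInit_DLLs -eq 1)

    # The value is one string; entries are separated by spaces or commas.
    $entries = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
    if ($entries.Count -eq 0) { $entries = @('') }   # still report the switches

    foreach ($entry in $entries) {
        $path = ''; $exists = $false; $sigStatus = 'n/a'; $signer = ''
        if ($entry) {
            # A bare file name is resolved against this view's system directory.
            if ([IO.Path]::IsPathRooted($entry)) { $path = $entry }
            else { $path = Join-Path $view.SysDir $entry }

            $exists = Test-Path -LiteralPath $path -PathType Leaf
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                $sigStatus = "$($sig.Status)"
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
        }

        # Flag an entry that will actually be loaded and is either missing on
        # disk or does not carry a valid embedded signature.
        $review = [bool]($entry -and $loadEnabled -and ($sigStatus -ne 'Valid'))

        New-Object PSObject -Property @{
            View          = $view.Name
            LoadEnabled   = $loadEnabled
            RequireSigned = $requireSigned
            Entry         = $entry
            ResolvedPath  = $path
            FileExists    = $exists
            Signature     = $sigStatus
            Signer        = $signer
            NeedsReview   = $review
        } | Select-Object View, LoadEnabled, RequireSigned, Entry, ResolvedPath,
                          FileExists, Signature, Signer, NeedsReview
    }
}

$report | Format-List
```

An empty `Entry` means the value exists but lists no DLL. A `NotSigned` result is a prompt to look at the file, not a verdict: older PowerShell versions check only embedded signatures, so a catalog-signed file can report `NotSigned`.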


#11 Bie76

Bie76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 24 December 2014 - 08:58 AM

Hi,

 

So if I understand you right, there were no trojans or other malware on this machine? Since I did get the letter, on the gozi2 infection, from my internet provider I assume that concerns my friend's laptop, on the same IP address. Do I need to open a new topic to take a look at that machine?

Being clean, my USB ports are still not working and my task manager is not properly displayed, any thoughts on that? Normally I would re-install my system, to solve these problems, but without my USB ports I can not make a back-up of my pictures, music etc... Do you know other back-up option that I should consider?

Anyway thank you and I will remove the tools we installed. Gtz



#12 shelf life

shelf life


Posted 24 December 2014 - 11:03 AM

hi,

 

Yes, based on the logs your machine looks clean. We can get one more tool as a check for rootkits;

    Download TDSSKiller and save it to your desktop.

    http://www.bleepingcomputer.com/download/tdsskiller/

    Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    If an infected file is detected, the default action will be Cure, click on Continue.
    If a suspicious file is detected, the default action will be Skip, click on Continue.
    It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



You can start adwcleaner and use its uninstall button to remove it. Keep Malwarebytes and use it as an antimalware app. JRT.exe you can delete off the desktop. FRST you can delete off the desktop.

That picture you attached of taskmanager.doc, I can't open. Save it as a .png, .jpeg or .bmp then reattach it.

Another back up option would be CD/DVD media if you have an optical drive.

Another would be to upload items to free online storage sites. There are lots of sites that offer free storage. Once you do the reinstall just download the items to your machine. Encrypting items before uploading is a good idea, because they just reside on somebody else's hard drive.

Or you could troubleshoot the USB problems:

http://www.allusb.com/troubleshooting

http://www.maximumpc.com/article/features/complete_guide_troubleshooting_usb_problems?page=0,0

Opening a new topic for the other machine would be good just to avoid having two topics running together.


How Can I Reduce My Risk to Malware?


#13 Bie76

Bie76

Posted 27 December 2014 - 06:00 AM

Hi,

 

thanks for the tips!

This is the log:

11:37:07.0747 0x08f0  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
11:37:20.0038 0x08f0  ============================================================
11:37:20.0038 0x08f0  Current date / time: 2014/12/27 11:37:20.0038
11:37:20.0038 0x08f0  SystemInfo:
11:37:20.0038 0x08f0  
11:37:20.0038 0x08f0  OS Version: 6.1.7601 ServicePack: 1.0
11:37:20.0038 0x08f0  Product type: Workstation
11:37:20.0038 0x08f0  ComputerName: R_BIEMANS
11:37:20.0039 0x08f0  UserName: Robbert
11:37:20.0039 0x08f0  Windows directory: C:\Windows
11:37:20.0039 0x08f0  System windows directory: C:\Windows
11:37:20.0039 0x08f0  Running under WOW64
11:37:20.0039 0x08f0  Processor architecture: Intel x64
11:37:20.0039 0x08f0  Number of processors: 2
11:37:20.0039 0x08f0  Page size: 0x1000
11:37:20.0039 0x08f0  Boot type: Normal boot
11:37:20.0039 0x08f0  ============================================================
11:37:20.0829 0x08f0  KLMD registered as C:\Windows\system32\drivers\13138653.sys
11:37:21.0612 0x08f0  System UUID: {5593EEE3-297A-4388-D787-AB5D868CC6AF}
11:37:23.0594 0x08f0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:37:23.0617 0x08f0  ============================================================
11:37:23.0617 0x08f0  \Device\Harddisk0\DR0:
11:37:23.0650 0x08f0  MBR partitions:
11:37:23.0650 0x08f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
11:37:23.0651 0x08f0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
11:37:23.0651 0x08f0  ============================================================
11:37:23.0758 0x08f0  C: <-> \Device\Harddisk0\DR0\Partition1
11:37:23.0799 0x08f0  D: <-> \Device\Harddisk0\DR0\Partition2
11:37:23.0976 0x08f0  ============================================================
11:37:23.0977 0x08f0  Initialize success
11:37:23.0977 0x08f0  ============================================================
11:42:33.0593 0x0880  ============================================================
11:42:33.0593 0x0880  Scan started
11:42:33.0593 0x0880  Mode: Manual;
11:42:33.0593 0x0880  ============================================================
11:42:33.0593 0x0880  KSN ping started
11:42:47.0611 0x0880  KSN ping finished: true
11:42:50.0496 0x0880  ================ Scan system memory ========================
11:42:50.0496 0x0880  System memory - ok
11:42:50.0496 0x0880  ================ Scan services =============================
11:42:58.0401 0x0880  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
11:42:58.0419 0x0880  Fax - ok
11:42:58.0445 0x0880  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:42:58.0452 0x0880  fdc - ok
11:42:58.0491 0x0880  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
11:42:58.0493 0x0880  fdPHost - ok
11:42:58.0506 0x0880  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:42:58.0508 0x0880  FDResPub - ok
11:42:58.0525 0x0880  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:42:58.0534 0x0880  FileInfo - ok
11:42:58.0551 0x0880  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:42:58.0557 0x0880  Filetrace - ok
11:42:58.0575 0x0880  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:42:58.0581 0x0880  flpydisk - ok
11:42:58.0649 0x0880  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:42:58.0662 0x0880  FltMgr - ok
11:42:58.0721 0x0880  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
11:42:58.0751 0x0880  FontCache - ok
11:42:58.0839 0x0880  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:42:58.0932 0x0880  FontCache3.0.0.0 - ok
11:42:58.0972 0x0880  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:42:58.0985 0x0880  FsDepends - ok
11:42:59.0018 0x0880  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:42:59.0024 0x0880  Fs_Rec - ok
11:42:59.0100 0x0880  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:42:59.0110 0x0880  fvevol - ok
11:42:59.0135 0x0880  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:42:59.0148 0x0880  gagp30kx - ok
11:42:59.0245 0x0880  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:42:59.0274 0x0880  gpsvc - ok
11:42:59.0303 0x0880  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:42:59.0310 0x0880  hcw85cir - ok
11:42:59.0404 0x0880  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:42:59.0452 0x0880  HdAudAddService - ok
11:42:59.0486 0x0880  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:42:59.0490 0x0880  HDAudBus - ok
11:42:59.0507 0x0880  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:42:59.0546 0x0880  HidBatt - ok
11:42:59.0581 0x0880  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:42:59.0594 0x0880  HidBth - ok
11:42:59.0612 0x0880  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:42:59.0623 0x0880  HidIr - ok
11:42:59.0649 0x0880  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
11:42:59.0654 0x0880  hidserv - ok
11:42:59.0725 0x0880  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:42:59.0734 0x0880  HidUsb - ok
11:42:59.0795 0x0880  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:42:59.0801 0x0880  hkmsvc - ok
11:42:59.0861 0x0880  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:42:59.0874 0x0880  HomeGroupListener - ok
11:42:59.0934 0x0880  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:42:59.0945 0x0880  HomeGroupProvider - ok
11:43:00.0024 0x0880  [ 53DCA61931847E35C950504BFB7559C6, 3F57CE29B52D32F7061407B63C4A9786F5B623E9F9F1121B02182DE044110D08 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
11:43:00.0032 0x0880  HP LaserJet Service - ok
11:43:00.0075 0x0880  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:43:00.0085 0x0880  HpSAMD - ok
11:43:00.0171 0x0880  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:43:00.0191 0x0880  HTTP - ok
11:43:00.0220 0x0880  hwdatacard - ok
11:43:00.0273 0x0880  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:43:00.0275 0x0880  hwpolicy - ok
11:43:00.0290 0x0880  hwusbdev - ok
11:43:00.0317 0x0880  hwusbfake - ok
11:43:00.0384 0x0880  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:43:00.0401 0x0880  i8042prt - ok
11:43:00.0475 0x0880  [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
11:43:00.0484 0x0880  iaStor - ok
11:43:00.0562 0x0880  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:43:00.0613 0x0880  iaStorV - ok
11:43:00.0788 0x0880  [ 4DE2EE2A5186D74BABC4E7F60D2AE989, F73E69A95EB532982567BE045F9316CA89E80E272209D259647D124752EFA24E ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
11:43:00.0834 0x0880  IconMan_R - ok
11:43:00.0989 0x0880  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:43:01.0045 0x0880  IDriverT - ok
11:43:01.0167 0x0880  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:43:01.0251 0x0880  idsvc - ok
11:43:01.0341 0x0880  IEEtwCollectorService - ok
11:43:01.0773 0x0880  [ 898AB5BFED7040D7AB07AF01885EB944, 72B140D6A62A8AF9439FA7061D8014EE7D1D49EC9EE6524881749A7C85926721 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:43:02.0306 0x0880  igfx - ok
11:43:02.0379 0x0880  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:43:02.0416 0x0880  iirsp - ok
11:43:02.0539 0x0880  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
11:43:02.0561 0x0880  IKEEXT - ok
11:43:02.0736 0x0880  [ E8017F1662D9142F45CEAB694D013C00, 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:43:02.0903 0x0880  IntcAzAudAddService - ok
11:43:02.0975 0x0880  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:43:02.0984 0x0880  intelide - ok
11:43:03.0030 0x0880  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:43:03.0034 0x0880  intelppm - ok
11:43:03.0064 0x0880  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:43:03.0071 0x0880  IPBusEnum - ok
11:43:03.0125 0x0880  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:43:03.0139 0x0880  IpFilterDriver - ok
11:43:03.0222 0x0880  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:43:03.0239 0x0880  iphlpsvc - ok
11:43:03.0289 0x0880  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:43:03.0305 0x0880  IPMIDRV - ok
11:43:03.0343 0x0880  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:43:03.0358 0x0880  IPNAT - ok
11:43:03.0388 0x0880  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:43:03.0396 0x0880  IRENUM - ok
11:43:03.0459 0x0880  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:43:03.0465 0x0880  isapnp - ok
11:43:03.0519 0x0880  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:43:03.0535 0x0880  iScsiPrt - ok
11:43:03.0563 0x0880  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:43:03.0571 0x0880  kbdclass - ok
11:43:03.0626 0x0880  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:43:03.0635 0x0880  kbdhid - ok
11:43:03.0663 0x0880  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
11:43:03.0667 0x0880  KeyIso - ok
11:43:03.0730 0x0880  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:43:03.0745 0x0880  KSecDD - ok
11:43:03.0807 0x0880  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:43:03.0826 0x0880  KSecPkg - ok
11:43:03.0850 0x0880  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:43:03.0856 0x0880  ksthunk - ok
11:43:03.0889 0x0880  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:43:03.0948 0x0880  KtmRm - ok
11:43:04.0047 0x0880  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:43:04.0076 0x0880  LanmanServer - ok
11:43:04.0136 0x0880  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:43:04.0179 0x0880  LanmanWorkstation - ok
11:43:04.0254 0x0880  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:43:04.0266 0x0880  lltdio - ok
11:43:04.0302 0x0880  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:43:04.0337 0x0880  lltdsvc - ok
11:43:04.0351 0x0880  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:43:04.0353 0x0880  lmhosts - ok
11:43:04.0420 0x0880  [ 2825A71E7501CB33B3B9F856610C729D, 2DE885B5D56F763F6A78EA31FC770930F8E87A8385926A809BA36ECA52EAD430 ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
11:43:04.0432 0x0880  LPCFilter - ok
11:43:04.0487 0x0880  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:43:04.0502 0x0880  LSI_FC - ok
11:43:04.0543 0x0880  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:43:04.0557 0x0880  LSI_SAS - ok
11:43:04.0582 0x0880  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:43:04.0595 0x0880  LSI_SAS2 - ok
11:43:04.0624 0x0880  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:43:04.0634 0x0880  LSI_SCSI - ok
11:43:04.0662 0x0880  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
11:43:04.0673 0x0880  luafv - ok
11:43:04.0728 0x0880  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:43:04.0753 0x0880  Mcx2Svc - ok
11:43:04.0790 0x0880  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:43:04.0797 0x0880  megasas - ok
11:43:04.0826 0x0880  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:43:04.0878 0x0880  MegaSR - ok
11:43:04.0940 0x0880  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
11:43:04.0946 0x0880  MMCSS - ok
11:43:04.0966 0x0880  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
11:43:04.0977 0x0880  Modem - ok
11:43:05.0003 0x0880  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:43:05.0006 0x0880  monitor - ok
11:43:05.0031 0x0880  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:43:05.0043 0x0880  mouclass - ok
11:43:05.0074 0x0880  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:43:05.0080 0x0880  mouhid - ok
11:43:05.0156 0x0880  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:43:05.0162 0x0880  mountmgr - ok
11:43:05.0309 0x0880  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:43:05.0316 0x0880  MozillaMaintenance - ok
11:43:05.0339 0x0880  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:43:05.0360 0x0880  mpio - ok
11:43:05.0406 0x0880  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:43:05.0418 0x0880  mpsdrv - ok
11:43:05.0503 0x0880  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:43:05.0525 0x0880  MpsSvc - ok
11:43:05.0587 0x0880  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:43:05.0606 0x0880  MRxDAV - ok
11:43:05.0672 0x0880  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:43:05.0693 0x0880  mrxsmb - ok
11:43:05.0750 0x0880  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:43:05.0765 0x0880  mrxsmb10 - ok
11:43:05.0785 0x0880  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:43:05.0795 0x0880  mrxsmb20 - ok
11:43:05.0842 0x0880  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:43:05.0852 0x0880  msahci - ok
11:43:05.0906 0x0880  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:43:05.0925 0x0880  msdsm - ok
11:43:05.0948 0x0880  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
11:43:05.0965 0x0880  MSDTC - ok
11:43:06.0009 0x0880  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:43:06.0015 0x0880  Msfs - ok
11:43:06.0035 0x0880  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:43:06.0066 0x0880  mshidkmdf - ok
11:43:06.0118 0x0880  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:43:06.0127 0x0880  msisadrv - ok
11:43:06.0161 0x0880  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:43:06.0189 0x0880  MSiSCSI - ok
11:43:06.0197 0x0880  msiserver - ok
11:43:06.0228 0x0880  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:43:06.0233 0x0880  MSKSSRV - ok
11:43:06.0260 0x0880  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:43:06.0265 0x0880  MSPCLOCK - ok
11:43:06.0283 0x0880  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:43:06.0287 0x0880  MSPQM - ok
11:43:06.0366 0x0880  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:43:06.0386 0x0880  MsRPC - ok
11:43:06.0446 0x0880  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:43:06.0449 0x0880  mssmbios - ok
11:43:06.0486 0x0880  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:43:06.0493 0x0880  MSTEE - ok
11:43:06.0514 0x0880  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:43:06.0519 0x0880  MTConfig - ok
11:43:06.0540 0x0880  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
11:43:06.0548 0x0880  Mup - ok
11:43:06.0604 0x0880  [ 8FA52B6049596FE2FDBC8A5E8B14EBFC, FACCD41E32EB43506B3F375639CD4C9FE8818FCF76E12236FAC7E4254315BFE9 ] mvusbews        C:\Windows\system32\Drivers\mvusbews.sys
11:43:06.0613 0x0880  mvusbews - ok
11:43:06.0698 0x0880  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
11:43:06.0714 0x0880  napagent - ok
11:43:06.0763 0x0880  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:43:06.0772 0x0880  NativeWifiP - ok
11:43:06.0781 0x0880  Nbdrv - ok
11:43:06.0891 0x0880  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:43:06.0922 0x0880  NDIS - ok
11:43:06.0968 0x0880  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:43:06.0974 0x0880  NdisCap - ok
11:43:07.0010 0x0880  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:43:07.0016 0x0880  NdisTapi - ok
11:43:07.0088 0x0880  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:43:07.0099 0x0880  Ndisuio - ok
11:43:07.0158 0x0880  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:43:07.0178 0x0880  NdisWan - ok
11:43:07.0233 0x0880  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:43:07.0245 0x0880  NDProxy - ok
11:43:07.0351 0x0880  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
11:43:07.0380 0x0880  Nero BackItUp Scheduler 4.0 - ok
11:43:07.0419 0x0880  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:43:07.0426 0x0880  NetBIOS - ok
11:43:07.0484 0x0880  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:43:07.0491 0x0880  NetBT - ok
11:43:07.0540 0x0880  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
11:43:07.0542 0x0880  Netlogon - ok
11:43:07.0593 0x0880  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
11:43:07.0609 0x0880  Netman - ok
11:43:07.0695 0x0880  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:43:07.0790 0x0880  NetMsmqActivator - ok
11:43:07.0801 0x0880  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:43:07.0808 0x0880  NetPipeActivator - ok
11:43:07.0876 0x0880  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
11:43:07.0889 0x0880  netprofm - ok
11:43:07.0962 0x0880  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:43:07.0968 0x0880  NetTcpActivator - ok
11:43:07.0980 0x0880  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:43:07.0986 0x0880  NetTcpPortSharing - ok
11:43:08.0015 0x0880  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:43:08.0023 0x0880  nfrd960 - ok
11:43:08.0051 0x0880  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:43:08.0061 0x0880  NlaSvc - ok
11:43:08.0077 0x0880  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:43:08.0083 0x0880  Npfs - ok
11:43:08.0103 0x0880  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
11:43:08.0106 0x0880  nsi - ok
11:43:08.0123 0x0880  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:43:08.0125 0x0880  nsiproxy - ok
11:43:08.0304 0x0880  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:43:08.0346 0x0880  Ntfs - ok
11:43:08.0372 0x0880  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
11:43:08.0376 0x0880  Null - ok
11:43:08.0434 0x0880  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:43:08.0450 0x0880  nvraid - ok
11:43:08.0531 0x0880  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:43:08.0576 0x0880  nvstor - ok
11:43:20.0473 0x0880  WdiSystemHost - ok
11:43:20.0543 0x0880  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
11:43:20.0558 0x0880  WebClient - ok
11:43:20.0583 0x0880  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:43:20.0592 0x0880  Wecsvc - ok
11:43:20.0613 0x0880  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:43:20.0618 0x0880  wercplsupport - ok
11:43:20.0657 0x0880  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:43:20.0663 0x0880  WerSvc - ok
11:43:20.0690 0x0880  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:43:20.0695 0x0880  WfpLwf - ok
11:43:20.0707 0x0880  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:43:20.0713 0x0880  WIMMount - ok
11:43:20.0735 0x0880  WinDefend - ok
11:43:20.0750 0x0880  WinHttpAutoProxySvc - ok
11:43:20.0804 0x0880  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:43:20.0811 0x0880  Winmgmt - ok
11:43:20.0942 0x0880  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
11:43:20.0994 0x0880  WinRM - ok
11:43:21.0073 0x0880  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:43:21.0084 0x0880  WinUsb - ok
11:43:21.0154 0x0880  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:43:21.0194 0x0880  Wlansvc - ok
11:43:21.0348 0x0880  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:43:21.0403 0x0880  wlidsvc - ok
11:43:21.0470 0x0880  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:43:21.0478 0x0880  WmiAcpi - ok
11:43:21.0522 0x0880  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:43:21.0528 0x0880  wmiApSrv - ok
11:43:21.0566 0x0880  WMPNetworkSvc - ok
11:43:21.0601 0x0880  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:43:21.0604 0x0880  WPCSvc - ok
11:43:21.0665 0x0880  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:43:21.0675 0x0880  WPDBusEnum - ok
11:43:21.0699 0x0880  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:43:21.0705 0x0880  ws2ifsl - ok
11:43:21.0728 0x0880  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
11:43:21.0733 0x0880  wscsvc - ok
11:43:21.0791 0x0880  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
11:43:21.0798 0x0880  WSDPrintDevice - ok
11:43:21.0806 0x0880  WSearch - ok
11:43:21.0971 0x0880  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:43:22.0039 0x0880  wuauserv - ok
11:43:22.0101 0x0880  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:43:22.0115 0x0880  WudfPf - ok
11:43:22.0154 0x0880  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:43:22.0191 0x0880  WUDFRd - ok
11:43:22.0261 0x0880  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:43:22.0270 0x0880  wudfsvc - ok
11:43:22.0346 0x0880  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:43:22.0442 0x0880  WwanSvc - ok
11:43:22.0513 0x0880  [ EBD35BDCE49B94EB247213610094F399, 15A86FD702BED180CD92A78374C8A2D658A93B46EEC99BBC716CE618782E5A0B ] ZAPrivacyService C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
11:43:22.0517 0x0880  ZAPrivacyService - ok
11:43:22.0565 0x0880  ================ Scan global ===============================
11:43:22.0582 0x0880  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
11:43:22.0648 0x0880  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:43:22.0670 0x0880  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:43:22.0700 0x0880  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:43:22.0736 0x0880  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
11:43:22.0746 0x0880  [ Global ] - ok
11:43:22.0746 0x0880  ================ Scan MBR ==================================
11:43:22.0765 0x0880  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:43:23.0049 0x0880  \Device\Harddisk0\DR0 - ok
11:43:23.0049 0x0880  ================ Scan VBR ==================================
11:43:23.0054 0x0880  [ B31DB4E809C63543B588FEF8C37FA240 ] \Device\Harddisk0\DR0\Partition1
11:43:23.0057 0x0880  \Device\Harddisk0\DR0\Partition1 - ok
11:43:23.0062 0x0880  [ EA28F7BA371A5EDE425B0BD77281E20B ] \Device\Harddisk0\DR0\Partition2
11:43:23.0063 0x0880  \Device\Harddisk0\DR0\Partition2 - ok
11:43:23.0065 0x0880  ================ Scan generic autorun ======================
11:43:23.0129 0x0880  [ 3AE990AECCFC9A8F12294D03457EC72C, F357F09CD9B8983F72FCDBF56AE7B21FCFF98EDAFFC55B38B38F15B520F177B8 ] C:\Windows\system32\igfxtray.exe
11:43:23.0134 0x0880  IgfxTray - ok
11:43:23.0157 0x0880  [ FEDBA69F7DFD7EC2FBCAD85170E7793E, BD521CA185D9412207321F74D7A44B20FC920B397610C7F568F1DCD4371E2503 ] C:\Windows\system32\hkcmd.exe
11:43:23.0167 0x0880  HotKeysCmds - ok
11:43:23.0190 0x0880  [ EBE7107C4E2E21CACB3973C9508002BC, 68BB5FC94ADC27EC1FC2EC05402267FB3609197231DA4130CE6AE192F250E292 ] C:\Windows\system32\igfxpers.exe
11:43:23.0200 0x0880  Persistence - ok
11:43:23.0654 0x0880  [ 798DF4955D7DE4552706B3ECB65B3C80, C0DD4999D8E5505EBC5ADB2B458339BA1444FE897C8568E872C9F8CCF7C5360B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11:43:24.0053 0x0880  RtHDVCpl - ok
11:43:24.0211 0x0880  [ 4A0CE52AEE58783B90FB8CE418481EB0, 6AA4823D577B2E62B25F7425A52246556F555B49E9C795DA4485C4250C345861 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
11:43:24.0259 0x0880  RtHDVBg - ok
11:43:24.0267 0x0880  SynTPEnh - ok
11:43:24.0345 0x0880  [ F9EF20F6FDA1444C0864BD7AEDC10CAF, E6A18BD7200E7DE7599753DA27469AEC479A315931956D457547F243FCB92C2A ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
11:43:24.0362 0x0880  TosSENotify - ok
11:43:24.0409 0x0880  [ F82483A80D49ACCA81193A294FB233CD, 7EEA9E7F62A92AD98569B1A4F4809D91D7ED671821A738EB75BC6E469DB44494 ] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
11:43:24.0412 0x0880  TosVolRegulator - ok
11:43:24.0462 0x0880  [ 104A28EA683C17D5470B3934D158142D, 286E7AF73C94D5CCD9F84C83C5343F385290D786D130701C367E56D5681A751C ] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
11:43:24.0469 0x0880  Toshiba Registration - ok
11:43:24.0617 0x0880  [ 54C5FCD5500F862B4572C4960265C9F1, F0932ED24246DBCE33D4846E23547ACFDC42BE8DA7AA2B59F1B2ED48BBFF7D0C ] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
11:43:24.0679 0x0880  SpywareTerminatorShield - ok
11:43:24.0855 0x0880  [ E6A2593AD58D205535F5BA0AEB231DC1, 011BACD4ABCFF47C6218C2D110F7C0C5B4032A0AF9BFC4DD16ACC511981A66A8 ] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
11:43:24.0995 0x0880  SpywareTerminatorUpdater - ok
11:43:25.0104 0x0880  [ 80A02F5ADDDF2D615B85A4F19424DCBB, BBAC2A551CE02625FD7F3944D4EBDC7EF5C9F2C9D698449D77695C2B1DC1CE45 ] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
11:43:25.0130 0x0880  NBAgent - ok
11:43:25.0277 0x0880  [ 80D632DC81BDF6E58630D8FA329FAE54, 4E1CE7D9ADEF7D304C208A70B25B71CAE233763821A47615A699F4261086688B ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
11:43:25.0332 0x0880  TWebCamera - ok
11:43:25.0471 0x0880  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:43:25.0544 0x0880  Sidebar - ok
11:43:25.0594 0x0880  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:43:25.0605 0x0880  mctadmin - ok
11:43:25.0657 0x0880  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:43:25.0680 0x0880  Sidebar - ok
11:43:25.0690 0x0880  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:43:25.0694 0x0880  mctadmin - ok
11:43:25.0719 0x0880  KiesPreload - ok
11:43:25.0905 0x0880  [ 7999235AE6A9F0FE1C007203F03A4618, D552A169E7E5EC43B675120F11E6A1790902C4068FAAFC2DE81DDB5FA50F18E8 ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe
11:43:25.0938 0x0880  FlashPlayerUpdate - ok
11:43:25.0941 0x0880  Waiting for KSN requests completion. In queue: 62
11:43:26.0941 0x0880  Waiting for KSN requests completion. In queue: 62
11:43:27.0941 0x0880  Waiting for KSN requests completion. In queue: 62
11:43:29.0431 0x0880  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41010 ( enabled : outofdate )
11:43:29.0505 0x0880  FW detected via SS2: ZoneAlarm Free Firewall Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 11.0.780.0 ), 0x41010 ( enabled )
11:43:32.0251 0x0880  ============================================================
11:43:32.0251 0x0880  Scan finished
11:43:32.0251 0x0880  ============================================================
11:43:32.0266 0x01e4  Detected object count: 0
11:43:32.0266 0x01e4  Actual detected object count: 0
 

 

 

I will go through the USB troubleshoot sites you recommended! THX



#14 Bie76

Bie76
  • Topic Starter

  • Members

Posted 27 December 2014 - 06:05 AM

the .bmp picture of my task manager


Edited by Bie76, 27 December 2014 - 06:11 AM.


#15 shelf life

shelf life

  • Malware Response Team

Posted 27 December 2014 - 10:34 AM

hi,

 

That log looks good. The .bmp attachment isn't there?


How Can I Reduce My Risk to Malware?




