Unknown virus/malware - performance issues and bandwidth use


  • This topic is locked
21 replies to this topic

#1 jimjimrob

jimjimrob

  • Members
  • 11 posts

Posted 13 December 2014 - 06:05 PM

I was told to come here by multiple people on a forum I frequent. This is a recent issue for me, starting within the past couple of days, and I cannot narrow down what the cause is. The issue is with performance of the machine as well as bandwidth usage and, I'm assuming, many Google requests causing captcha requests. I have two (2) hard drives within the machine, one being mostly for storage. I use multiple programs that would cause an IP ban from Google, but those are all run with proxies. I recently downloaded Malwarebytes and scanned with it, as well as looking through the registry for common entries that may be the issue, and found nothing. Any help would be greatly appreciated.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 1.6.0_32
Run by owner at 17:38:22 on 2014-12-13
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2814.1271 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: >>> DIAL <<< - c:\windows\numb.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AFB5B7D6-B3F5-41CB-A40F-6E9B31194BA2} : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\34963736F61363330383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\75946494 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\C4D494D275962756C6563737 : DHCPNameServer = 65.32.5.74 65.32.5.75 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\E454457454142523 : DHCPNameServer = 192.168.1.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\xpewgyh1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-10-2 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-10-2 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-8-21 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-8-21 423784]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-16 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-21 70384]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-16 91496]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-12-11 50344]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-8-16 66424]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-12-12 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-12-12 969016]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2012-9-6 80472]
R3 clwvd;HP Webcam Splitter;c:\windows\system32\drivers\clwvd.sys [2010-7-30 29168]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-8-21 228408]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-5-20 59904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-12-12 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-12 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-12-12 51928]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-29 116064]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-9-10 18432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-21 1343400]
S4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-8-16 397176]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-8-16 384888]
S4 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-26 2673064]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="f:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-12-13 18:54:55    --------    d-----w-    c:\programdata\Logs
2014-12-13 17:43:38    --------    d-----w-    c:\users\owner\appdata\roaming\Nuance
2014-12-12 06:29:02    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 06:28:28    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-12-12 06:28:28    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-12-12 06:28:28    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-12-12 06:28:27    --------    d-----w-    c:\programdata\Malwarebytes
2014-12-12 06:28:27    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-12-12 02:56:11    7023536    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-12-12 02:56:05    8941456    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{241b459f-54df-4b13-9c64-237d83bd90ee}\mpengine.dll
2014-12-12 02:52:20    43152    ----a-w-    c:\windows\avastSS.scr
2014-12-12 01:26:23    --------    d-----w-    c:\program files\Market Samurai
2014-12-11 06:34:51    --------    d-----w-    c:\program files\WinHTTrack
2014-12-06 20:57:08    --------    d-----w-    c:\program files\runphp
2014-12-06 20:54:54    --------    d-----w-    c:\users\owner\appdata\roaming\Microsoft Corporation
2014-12-06 20:54:11    --------    d-----w-    c:\program files\IIS
2014-12-06 20:53:09    --------    d-----w-    c:\program files\IIS Express
2014-12-06 20:51:47    --------    d-----w-    c:\program files\Microsoft SQL Server
2014-12-06 05:32:07    --------    d-----w-    c:\program files\LongTailPro
2014-12-06 03:56:25    --------    d-----w-    c:\programdata\Submit Suite
2014-12-06 03:56:25    --------    d-----w-    c:\program files\Submit Suite
2014-12-02 03:44:35    --------    d-----w-    c:\users\owner\appdata\local\Thwaites_SEO
2014-12-01 21:03:29    --------    d-----w-    c:\users\owner\appdata\roaming\com.longtailpro.LongTailPro
2014-11-29 18:53:45    --------    d-----w-    c:\users\owner\appdata\roaming\Traffic Travis v4
.
==================== Find3M  ====================
.
2014-12-12 02:52:56    787800    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-12-12 02:52:25    91496    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-12-12 02:52:24    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-12-12 02:52:24    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-12-12 02:52:24    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-12-12 02:52:24    206248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-12-12 02:52:23    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-12-09 21:02:16    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 21:02:16    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 17:39:54.76 ===============
 



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • Gender:Male

Posted 18 December 2014 - 06:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559744 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jimjimrob

jimjimrob
  • Topic Starter

  • Members
  • 11 posts

Posted 20 December 2014 - 08:40 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 1.6.0_32
Run by owner at 20:19:52 on 2014-12-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2814.1347 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: >>> DIAL <<< - c:\windows\numb.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AFB5B7D6-B3F5-41CB-A40F-6E9B31194BA2} : DHCPNameServer = 172.26.38.1 172.26.38.2
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\34963736F61363330383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\75946494 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\C4D494D275962756C6563737 : DHCPNameServer = 65.32.5.74 65.32.5.75 192.168.1.1
TCP: Interfaces\{FB450B30-7B1F-46AE-B82E-2D09FA803FAB}\E454457454142523 : DHCPNameServer = 192.168.1.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\xpewgyh1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-10-2 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-10-2 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-8-21 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-8-21 423784]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-16 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-21 70384]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-16 91496]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-12-11 50344]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-8-16 66424]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-12-12 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-12-12 969016]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2012-9-6 80472]
R3 clwvd;HP Webcam Splitter;c:\windows\system32\drivers\clwvd.sys [2010-7-30 29168]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-8-21 228408]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-5-20 59904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-12-12 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-12 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-12-12 51928]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2014-12-19 108032]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2014-12-19 9216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-29 116064]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-9-10 18432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-21 1343400]
S4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-8-16 397176]
S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-8-16 384888]
S4 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-26 2673064]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="f:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-12-20 20:04:22    69632    ----a-w-    c:\windows\system32\smss.exe
2014-12-20 20:04:22    640512    ----a-w-    c:\windows\system32\advapi32.dll
2014-12-20 20:04:22    619520    ----a-w-    c:\windows\system32\tdh.dll
2014-12-20 20:04:22    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2014-12-20 20:04:22    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2014-12-20 20:04:22    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2014-12-20 20:04:22    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2014-12-20 20:03:57    240496    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-12-20 20:03:57    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2014-12-20 20:03:57    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-12-20 20:03:56    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-12-20 20:03:56    231424    ----a-w-    c:\windows\system32\mswsock.dll
2014-12-20 20:03:39    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-12-20 20:01:23    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-20 19:58:32    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-12-19 20:14:42    --------    d-----w-    c:\users\owner\appdata\local\Autodesk
2014-12-19 20:12:29    --------    d-----w-    c:\users\owner\appdata\roaming\Autodesk
2014-12-19 05:14:06    --------    d-----w-    c:\program files\WinPcap
2014-12-19 05:11:40    --------    d-----w-    c:\programdata\Freemake
2014-12-19 05:11:13    --------    d-----w-    c:\program files\Freemake
2014-12-18 23:39:35    --------    d-----w-    c:\users\owner\appdata\local\KutoolsforExcel
2014-12-17 17:09:28    --------    d-----w-    c:\program files\ElectraSoft
2014-12-17 17:08:50    --------    d-----w-    C:\32be
2014-12-17 15:54:08    --------    d-----w-    c:\users\owner\appdata\roaming\Maxprog
2014-12-17 15:53:45    --------    d-----w-    c:\program files\eMail Verifier
2014-12-17 00:15:58    --------    d-----w-    c:\users\owner\appdata\roaming\AtomPark
2014-12-16 18:27:06    --------    d-----w-    c:\users\owner\appdata\local\EasyAd_Company
2014-12-13 18:54:55    --------    d-----w-    c:\programdata\Logs
2014-12-13 17:43:38    --------    d-----w-    c:\users\owner\appdata\roaming\Nuance
2014-12-12 06:29:02    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-12 06:28:28    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-12-12 06:28:28    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-12-12 06:28:28    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-12-12 06:28:27    --------    d-----w-    c:\programdata\Malwarebytes
2014-12-12 06:28:27    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-12-12 02:56:11    7023536    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-12-12 02:56:05    8941456    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{241b459f-54df-4b13-9c64-237d83bd90ee}\mpengine.dll
2014-12-12 02:52:20    43152    ----a-w-    c:\windows\avastSS.scr
2014-12-11 06:34:51    --------    d-----w-    c:\program files\WinHTTrack
2014-12-06 20:57:08    --------    d-----w-    c:\program files\runphp
2014-12-06 20:54:54    --------    d-----w-    c:\users\owner\appdata\roaming\Microsoft Corporation
2014-12-06 20:54:11    --------    d-----w-    c:\program files\IIS
2014-12-06 20:53:09    --------    d-----w-    c:\program files\IIS Express
2014-12-06 20:51:47    --------    d-----w-    c:\program files\Microsoft SQL Server
2014-12-06 03:56:25    --------    d-----w-    c:\programdata\Submit Suite
2014-12-06 03:56:25    --------    d-----w-    c:\program files\Submit Suite
2014-12-02 03:44:35    --------    d-----w-    c:\users\owner\appdata\local\Thwaites_SEO
2014-12-01 21:03:29    --------    d-----w-    c:\users\owner\appdata\roaming\com.longtailpro.LongTailPro
2014-11-29 18:53:45    --------    d-----w-    c:\users\owner\appdata\roaming\Traffic Travis v4
.
==================== Find3M  ====================
.
2014-12-20 20:01:23    906240    ----a-w-    c:\windows\system32\FntCache.dll
2014-12-20 19:03:08    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-20 19:03:08    701616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-12-12 02:52:56    787800    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-12-12 02:52:25    91496    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-12-12 02:52:24    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-12-12 02:52:24    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-12-12 02:52:24    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-12-12 02:52:24    206248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-12-12 02:52:23    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
.
============= FINISH: 20:22:17.48 ===============
 



Edited by jimjimrob, 20 December 2014 - 08:41 PM.


#4 oneof4


  • Malware Response Team

Posted 22 December 2014 - 11:29 AM

Hello jimjimrob, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic. You will then be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Best Regards,
oneof4.


#5 jimjimrob

  • Topic Starter

  • Members

Posted 22 December 2014 - 02:17 PM


 

I understand, and do appreciate any help you can give. Thank you. It will not allow me to paste Addition.txt into my post.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by owner (administrator) on OWNER-PC on 22-12-2014 13:53:59
Running from C:\Users\owner\Desktop
Loaded Profile: owner (Available profiles: owner & Guest)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) F:\Program Files\Opera\26.0.1656.60\opera.exe
() F:\Program Files\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) F:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) F:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) F:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) F:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) F:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) F:\Program Files\Opera\26.0.1656.60\opera.exe
(Opera Software) F:\Program Files\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1821388762-2776303338-3111082552-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1821388762-2776303338-3111082552-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\xpewgyh1.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\xpewgyh1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-21]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-06]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-27]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-06]
CHR Extension: (Honey) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-12-12]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-06]
CHR Extension: (MozBar) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2014-11-26]
CHR Extension: (Google Wallet) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [397176 2012-08-16] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-16] (BlueStack Systems, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
S2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-11] ()
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [66424 2012-08-16] (BlueStack Systems)
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [29168 2010-07-30] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-09-10] (Apple Inc.) [File not signed]
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\owner\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 13:53 - 2014-12-22 13:54 - 00012120 _____ () C:\Users\owner\Desktop\FRST.txt
2014-12-22 13:53 - 2014-12-22 13:54 - 00000000 ____D () C:\FRST
2014-12-22 13:52 - 2014-12-22 13:52 - 01114112 _____ (Farbar) C:\Users\owner\Desktop\FRST.exe
2014-12-21 23:07 - 2014-12-21 23:07 - 00000000 ____D () C:\Users\owner\AppData\Local\Ofi Labs
2014-12-21 19:27 - 2014-12-21 19:27 - 00077144 _____ () C:\Users\owner\Downloads\wp-ultimate-silo-1.6.3.zip
2014-12-21 17:00 - 2014-12-21 17:00 - 00946438 _____ () C:\Users\owner\Downloads\Divi_2_4_1.zip
2014-12-20 22:48 - 2014-12-20 22:48 - 00000843 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LongTailPro.lnk
2014-12-20 22:48 - 2014-12-20 22:48 - 00000831 _____ () C:\Users\Public\Desktop\LongTailPro.lnk
2014-12-20 22:48 - 2014-12-20 22:48 - 00000000 ____D () C:\Program Files\LongTailPro
2014-12-20 20:39 - 2014-12-20 20:39 - 00002321 _____ () C:\Users\owner\Desktop\attach.zip
2014-12-20 16:28 - 2014-12-22 13:47 - 00001176 _____ () C:\Windows\setupact.log
2014-12-20 16:28 - 2014-12-20 16:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 15:04 - 2014-12-20 15:04 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-12-20 15:04 - 2014-12-20 15:04 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-20 15:04 - 2014-12-20 15:04 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-20 15:04 - 2014-12-20 15:04 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-12-20 15:04 - 2014-12-20 15:04 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-12-20 15:04 - 2014-12-20 15:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-12-20 15:04 - 2014-12-20 15:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-12-20 15:03 - 2014-12-20 15:03 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-20 15:03 - 2014-12-20 15:03 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-20 15:03 - 2014-12-20 15:03 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-12-20 15:03 - 2014-12-20 15:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-12-20 15:03 - 2014-12-20 15:03 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-12-20 15:03 - 2014-12-20 15:03 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-12-20 15:02 - 2014-12-20 15:02 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-12-20 15:02 - 2014-12-20 15:02 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-12-20 15:02 - 2014-12-20 15:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-12-20 15:01 - 2014-12-20 15:01 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-12-20 14:58 - 2014-12-20 14:58 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-12-20 14:50 - 2014-12-20 15:25 - 00008394 _____ () C:\Windows\IE11_main.log
2014-12-19 15:14 - 2014-12-19 15:14 - 00000000 ____D () C:\Users\owner\AppData\Local\Autodesk
2014-12-19 15:13 - 2014-12-19 15:13 - 00001625 _____ () C:\Users\Public\Desktop\Pixlr .lnk
2014-12-19 15:13 - 2014-12-19 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-12-19 15:12 - 2014-12-19 15:12 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Autodesk
2014-12-19 15:12 - 2014-12-19 15:12 - 00000000 ____D () C:\ProgramData\Autodesk
2014-12-19 15:09 - 2014-12-19 15:10 - 35841688 _____ () C:\Users\owner\Downloads\Autodesk_Pixlr_v1.0.3.0_Win32.exe
2014-12-19 00:14 - 2014-12-19 00:14 - 00000000 ____D () C:\Program Files\WinPcap
2014-12-19 00:11 - 2014-12-19 11:40 - 00000000 ____D () C:\Users\owner\Documents\Freemake
2014-12-19 00:11 - 2014-12-19 00:14 - 00000000 ____D () C:\ProgramData\Freemake
2014-12-19 00:11 - 2014-12-19 00:11 - 00001254 _____ () C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2014-12-19 00:11 - 2014-12-19 00:11 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-12-19 00:11 - 2014-12-19 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-12-19 00:11 - 2014-12-19 00:11 - 00000000 ____D () C:\Program Files\Freemake
2014-12-19 00:08 - 2014-12-19 00:08 - 01270856 _____ (Ellora Assets Corporation ) C:\Users\owner\Downloads\FreemakeVideoDownloaderSetup.exe
2014-12-18 21:53 - 2014-12-18 21:53 - 00000679 _____ () C:\Users\owner\Desktop\WEBSITE bleep - Shortcut.lnk
2014-12-18 18:39 - 2014-12-18 18:39 - 00000000 ____D () C:\Users\owner\AppData\Local\KutoolsforExcel
2014-12-17 18:37 - 2014-12-21 20:03 - 00000000 ____D () C:\Users\owner\Desktop\securedresources
2014-12-17 12:09 - 2014-12-17 12:14 - 00000000 ____D () C:\Program Files\ElectraSoft
2014-12-17 12:09 - 2014-12-17 12:09 - 00001823 _____ () C:\Users\owner\Desktop\32bit Email Broadcaster.lnk
2014-12-17 12:09 - 2014-12-17 12:09 - 00001823 _____ () C:\Users\Guest\Desktop\32bit Email Broadcaster.lnk
2014-12-17 12:09 - 2014-12-17 12:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\32bit Email Broadcaster
2014-12-17 12:09 - 2014-12-17 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\32bit Email Broadcaster
2014-12-17 12:08 - 2014-12-17 12:08 - 00000000 ____D () C:\32be
2014-12-17 12:06 - 2014-12-17 12:06 - 03145976 _____ (ElectraSoft) C:\Users\owner\Downloads\32besx.exe
2014-12-17 10:54 - 2014-12-17 12:08 - 00000000 ____D () C:\Users\owner\Documents\Maxprog
2014-12-17 10:54 - 2014-12-17 12:08 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Maxprog
2014-12-17 10:54 - 2014-12-17 10:54 - 00000049 ____H () C:\Users\owner\AppData\Roaming\eMail Verifier.ini
2014-12-17 10:53 - 2014-12-17 10:56 - 00000000 ____D () C:\Program Files\eMail Verifier
2014-12-17 10:53 - 2014-12-17 10:53 - 00001827 _____ () C:\Users\owner\Desktop\eMail Verifier.lnk
2014-12-17 10:49 - 2014-12-17 10:49 - 02932048 _____ (Max Programming LLC ) C:\Users\owner\Downloads\eMailVerifier_setup.exe
2014-12-17 01:06 - 2014-12-17 01:07 - 23361292 _____ () C:\Users\owner\Downloads\Wordpress Visual Composer +  Extensions Pack.zip
2014-12-16 21:58 - 2014-12-16 21:59 - 46616332 _____ () C:\Users\owner\Downloads\Mega OmniNiches.zip
2014-12-16 19:32 - 2014-12-16 20:08 - 00000464 _____ () C:\Users\owner\Desktop\12-16-PROXY.txt
2014-12-16 19:15 - 2014-12-16 19:15 - 00000000 ____D () C:\Users\owner\AppData\Roaming\AtomPark
2014-12-16 19:14 - 2014-12-16 19:14 - 09651336 _____ (AtomPark Software Inc. ) C:\Users\owner\Downloads\AtomicMailVerifier_812_setup.exe
2014-12-16 19:09 - 2014-12-20 10:42 - 00001386 _____ () C:\Users\owner\Desktop\Market Samurai - Shortcut.lnk
2014-12-16 19:03 - 2014-12-16 19:03 - 00000000 ____D () C:\Users\owner\Downloads\Market Samurai
2014-12-16 19:01 - 2014-12-16 19:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-16 19:01 - 2014-12-16 19:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-16 19:01 - 2014-12-16 19:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-16 18:58 - 2014-12-16 18:58 - 17711760 _____ (Adobe Systems Inc.) C:\Users\owner\Downloads\AdobeAIRInstaller(1).exe
2014-12-16 18:29 - 2014-12-16 18:29 - 04771832 _____ () C:\Users\owner\Downloads\Market Samurai.zip
2014-12-16 13:27 - 2014-12-16 13:27 - 00000000 ____D () C:\Users\owner\AppData\Local\EasyAd_Company
2014-12-13 19:58 - 2014-12-22 12:38 - 00000000 ____D () C:\Users\owner\Downloads\scrapebox_upd
2014-12-13 19:52 - 2014-12-13 19:55 - 18791352 _____ () C:\Users\owner\Downloads\scrapebox_upd.zip
2014-12-13 17:40 - 2014-12-20 20:39 - 00006085 _____ () C:\Users\owner\Desktop\attach.txt
2014-12-13 17:40 - 2014-12-20 20:22 - 00014359 _____ () C:\Users\owner\Desktop\dds.txt
2014-12-13 17:35 - 2014-12-13 17:36 - 00688992 ____R (Swearware) C:\Users\owner\Desktop\dds.com
2014-12-13 12:43 - 2014-12-13 12:43 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Nuance
2014-12-12 22:59 - 2014-12-20 16:11 - 00000000 ____D () C:\Windows\Minidump
2014-12-12 01:29 - 2014-12-22 13:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 01:28 - 2014-12-12 01:28 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-12 01:28 - 2014-12-12 01:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-12 01:28 - 2014-12-12 01:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-12 01:28 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-12 01:28 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-12 01:28 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-12 01:26 - 2014-12-12 01:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-11 22:59 - 2014-12-11 22:59 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-12-11 22:59 - 2014-12-11 22:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-12-11 22:57 - 2014-12-11 22:57 - 00001373 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-11 22:57 - 2014-12-11 22:57 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software
2014-12-11 22:57 - 2014-12-11 22:57 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-12-11 22:57 - 2014-12-11 22:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-12-11 22:57 - 2014-12-11 22:57 - 00000000 _____ () C:\Users\Guest\AppData\Local\QSwitch.txt
2014-12-11 22:57 - 2014-12-11 22:57 - 00000000 _____ () C:\Users\Guest\AppData\Local\DSwitch.txt
2014-12-11 22:57 - 2014-12-11 22:57 - 00000000 _____ () C:\Users\Guest\AppData\Local\AtStart.txt
2014-12-11 22:56 - 2014-12-11 22:57 - 00000000 ____D () C:\Users\Guest
2014-12-11 22:56 - 2014-12-11 22:56 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-12-11 22:56 - 2014-12-11 22:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-12-11 22:56 - 2014-11-01 13:08 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-12-11 22:56 - 2009-07-13 23:42 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-11 22:56 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-11 21:52 - 2014-12-11 21:52 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-11 21:52 - 2014-12-11 21:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-11 21:52 - 2014-12-11 21:52 - 00002005 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-11 01:35 - 2014-12-11 01:35 - 00000953 _____ () C:\Users\owner\Desktop\HTTrack Website Copier.lnk
2014-12-11 01:34 - 2014-12-11 01:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2014-12-11 01:34 - 2014-12-11 01:35 - 00000000 ____D () C:\Program Files\WinHTTrack
2014-12-11 01:32 - 2014-12-11 01:33 - 04151768 _____ (HTTrack ) C:\Users\owner\Downloads\httrack-3.48.19.exe
2014-12-09 18:44 - 2014-12-09 18:45 - 00000000 ____D () C:\Users\owner\Downloads\scrapebox - Copy
2014-12-09 13:31 - 2014-12-09 13:31 - 03560694 _____ () C:\Users\owner\Downloads\Authority_Engage_and_Traffic_Engage.zip
2014-12-07 00:58 - 2014-12-07 00:58 - 00001389 _____ () C:\Users\owner\Desktop\2014 ELEGANT THEMES - Shortcut.lnk
2014-12-06 15:57 - 2014-12-06 15:57 - 00000000 ____D () C:\Program Files\runphp
2014-12-06 15:55 - 2014-12-06 15:55 - 00000000 ____D () C:\Users\owner\Documents\My Web Sites
2014-12-06 15:55 - 2014-12-06 15:55 - 00000000 ____D () C:\Users\owner\Documents\IISExpress
2014-12-06 15:54 - 2014-12-06 15:54 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft Corporation
2014-12-06 15:54 - 2014-12-06 15:54 - 00000000 ____D () C:\Program Files\IIS
2014-12-06 15:53 - 2014-12-06 15:53 - 00000000 ____D () C:\Program Files\IIS Express
2014-12-06 15:51 - 2014-12-06 15:51 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-06 15:51 - 2014-12-06 15:51 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2014-12-06 15:46 - 2014-12-06 15:46 - 00116384 _____ (Microsoft Corporation) C:\Users\owner\Downloads\WebMatrixWeb.exe
2014-12-06 00:14 - 2014-12-06 00:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-05 23:01 - 2014-12-05 23:01 - 01535336 _____ (Fastlink2 ) C:\Users\owner\Downloads\articlesubmittersetup.exe
2014-12-05 23:01 - 2014-12-05 23:01 - 00001191 _____ () C:\Users\owner\Desktop\Article Submitter.lnk
2014-12-05 22:56 - 2014-12-05 23:01 - 00000000 ____D () C:\ProgramData\Submit Suite
2014-12-05 22:56 - 2014-12-05 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Submit Suite
2014-12-05 22:56 - 2014-12-05 23:01 - 00000000 ____D () C:\Program Files\Submit Suite
2014-12-05 22:56 - 2014-12-05 22:56 - 00001191 _____ () C:\Users\owner\Desktop\Website Submitter.lnk
2014-12-05 22:55 - 2014-12-05 22:55 - 02124592 _____ (Fastlink2 ) C:\Users\owner\Downloads\websitesubmittersetup.exe
2014-12-05 22:51 - 2014-12-05 22:51 - 00000108 _____ () C:\Users\owner\AppData\Roaming\GWMC-I92M
2014-12-01 22:44 - 2014-12-01 22:44 - 00000000 ____D () C:\Users\owner\AppData\Local\Thwaites_SEO
2014-12-01 22:36 - 2014-12-01 22:36 - 01620992 _____ () C:\Users\owner\Downloads\Magic Web Finder Trail.msi
2014-12-01 16:03 - 2014-12-20 22:48 - 00000236 _____ () C:\Users\owner\AppData\Roaming\RO39-2M3Q
2014-12-01 16:03 - 2014-12-20 22:48 - 00000000 ____D () C:\Users\owner\AppData\Roaming\com.longtailpro.LongTailPro
2014-12-01 16:03 - 2014-12-01 16:03 - 00000088 _____ () C:\Users\owner\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2014-12-01 16:03 - 2014-12-01 16:03 - 00000088 _____ () C:\Users\owner\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2014-12-01 16:02 - 2014-12-01 16:02 - 03940743 _____ () C:\Users\owner\Downloads\LongTailProTrial.zip
2014-12-01 15:43 - 2014-12-01 15:43 - 00098304 _____ () C:\Users\owner\fbchathistory.dat
2014-11-29 13:53 - 2014-12-06 13:51 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Traffic Travis v4
2014-11-29 13:53 - 2014-11-30 17:59 - 00000993 _____ () C:\Users\owner\Desktop\Traffic Travis v4.lnk
2014-11-29 13:53 - 2014-11-29 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traffic Travis v4
2014-11-29 13:51 - 2014-11-29 13:52 - 15132600 _____ (Affilorama Ltd. ) C:\Users\owner\Downloads\traffic_travis_v4.exe
2014-11-26 13:20 - 2014-11-26 13:20 - 00000000 ____D () C:\Users\owner\Documents\Virtual Machines
2014-11-26 13:18 - 2014-11-26 13:20 - 00000000 ____D () C:\Users\owner\AppData\Roaming\VMware
2014-11-26 13:18 - 2014-11-26 13:18 - 00000000 ____D () C:\ProgramData\VMware

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 13:53 - 2013-02-05 11:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 13:52 - 2013-02-08 23:06 - 00000000 ____D () C:\Users\owner\Downloads\scrapebox
2014-12-22 13:02 - 2014-11-04 19:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 12:53 - 2013-02-05 11:25 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 12:12 - 2009-07-13 23:34 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 12:12 - 2009-07-13 23:34 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 10:16 - 2012-08-21 11:05 - 01136804 _____ () C:\Windows\WindowsUpdate.log
2014-12-20 23:50 - 2012-08-21 09:50 - 00000000 ____D () C:\ProgramData\Temp
2014-12-20 19:55 - 2010-11-20 16:01 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 19:51 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 19:51 - 2009-07-13 23:33 - 00412432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-20 19:50 - 2010-11-20 16:48 - 00269276 _____ () C:\Windows\PFRO.log
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-12-20 19:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-20 14:57 - 2014-11-03 20:02 - 00007600 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg
2014-12-20 14:08 - 2012-08-21 19:57 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Mozilla
2014-12-20 14:08 - 2012-08-21 19:57 - 00000000 ____D () C:\Users\owner\AppData\Local\Mozilla
2014-12-20 14:03 - 2012-09-01 13:40 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-12-20 14:03 - 2012-08-21 10:27 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-20 14:03 - 2012-08-21 10:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 10:16 - 2014-09-19 18:38 - 00000000 ____D () C:\Users\owner\Desktop\TRANSFER WEBSITE
2014-12-18 23:30 - 2013-08-18 19:43 - 00000000 ____D () C:\Users\owner\AppData\Roaming\MediaMonkey
2014-12-17 00:23 - 2014-10-29 22:24 - 00000000 ____D () C:\Users\owner\Desktop\MMJ
2014-12-16 19:01 - 2012-08-21 10:31 - 00000000 ____D () C:\Program Files\Adobe
2014-12-15 11:41 - 2012-08-21 08:13 - 00000000 ____D () C:\Users\owner
2014-12-12 16:59 - 2013-02-05 11:28 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 02:00 - 2014-10-17 22:51 - 00000000 ____D () C:\Windows\pss
2014-12-11 22:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-11 21:52 - 2014-10-16 11:33 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-11 21:52 - 2014-10-16 11:32 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-11 21:52 - 2014-10-02 10:36 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-11 21:52 - 2014-10-02 10:36 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-11 21:52 - 2012-08-21 10:40 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-11 21:52 - 2012-08-21 10:40 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-11 21:52 - 2012-08-21 10:40 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-11 21:52 - 2012-08-21 10:40 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-11 20:32 - 2012-08-21 19:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-08 12:16 - 2014-10-29 01:53 - 00127082 _____ () C:\Users\owner\.ranktracker.properties
2014-12-08 12:16 - 2014-10-28 23:57 - 00000000 ____D () C:\Users\owner\.ranktracker
2014-11-30 16:03 - 2014-11-01 13:09 - 00000000 ____D () C:\Users\owner\AppData\Roaming\MarketSamurai
2014-11-29 17:36 - 2013-08-18 19:54 - 00000000 ____D () C:\Users\owner\Incomplete
2014-11-29 17:35 - 2013-08-18 19:54 - 00000000 ____D () C:\Users\owner\AppData\Roaming\MP3Rocket

Files to move or delete:
====================
C:\Users\owner\fbchathistory.dat


Some content of TEMP:
====================
C:\Users\owner\AppData\Local\Temp\AcDeltree.exe
C:\Users\owner\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
C:\Users\owner\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-07 11:22

==================== End Of Log ============================

 

 

ADDITION.TXT


Edited by jimjimrob, 22 December 2014 - 02:19 PM.


#6 jimjimrob


Posted 22 December 2014 - 02:22 PM


Attached Files



#7 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:34 PM

Posted 22 December 2014 - 04:11 PM

Hello, :)

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, update me on how your system is performing after running the fix.

Attached Files


Best Regards,
oneof4.


#8 jimjimrob


Posted 22 December 2014 - 09:54 PM

Yes, it does seem very much improved. Restarted and is running much faster now, and not using near as much resources running the same amount of programs. I thank you so much.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2014 01
Ran by owner at 2014-12-22 21:45:13 Run:1
Running from C:\Users\owner\Desktop
Loaded Profile: owner (Available profiles: owner & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKU\S-1-5-21-1821388762-2776303338-3111082552-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 mbr; \??\C:\Users\owner\AppData\Local\Temp\mbr.sys [X]
C:\Users\owner\fbchathistory.dat
C:\Users\owner\AppData\Local\Temp\AcDeltree.exe
C:\Users\owner\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
C:\Users\owner\AppData\Local\Temp\ose00000.exe
CustomCLSID: HKU\S-1-5-21-1821388762-2776303338-3111082552-1000_Classes\CLSID\{0cd9bb16-26d8-5d25-7cba-0bd409d4f1e94}\InprocServer32 -> 0xA4796D5A85F4CF012F13527E51F6CF01030000004003000000000000 No File
CustomCLSID: HKU\S-1-5-21-1821388762-2776303338-3111082552-1000_Classes\CLSID\{479c5890-6ef0-71b9-d548-591f23c285af0}\InprocServer32 -> 0x4576616C457870697265644669726564605960 No File
CustomCLSID: HKU\S-1-5-21-1821388762-2776303338-3111082552-1000_Classes\CLSID\{6bf448c2-69e3-3193-f551-b21065ffff0a5}\InprocServer32 -> No File Path
AlternateDataStreams: C:\ProgramData\Temp:F8AF2BB9

*****************

HKU\S-1-5-21-1821388762-2776303338-3111082552-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
mbr => Service deleted successfully.
C:\Users\owner\fbchathistory.dat => Moved successfully.
C:\Users\owner\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\ose00000.exe => Moved successfully.
"HKU\S-1-5-21-1821388762-2776303338-3111082552-1000_Classes\CLSID\{0cd9bb16-26d8-5d25-7cba-0bd409d4f1e94}" => Key deleted successfully.
"HKU\S-1-5-21-1821388762-2776303338-3111082552-1000_Classes\CLSID\{479c5890-6ef0-71b9-d548-591f23c285af0}" => Key deleted successfully.
"HKU\S-1-5-21-1821388762-2776303338-3111082552-1000_Classes\CLSID\{6bf448c2-69e3-3193-f551-b21065ffff0a5}" => Key deleted successfully.
C:\ProgramData\Temp => ":F8AF2BB9" ADS removed successfully.

==== End of Fixlog 21:45:15 ====



#9 oneof4


Posted 23 December 2014 - 09:28 AM

Hey, :)
 
That's GREAT news!!!
 
Let's run the following to make sure there's nothing hiding from us:
 
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

 


Best Regards,
oneof4.


#10 jimjimrob


Posted 23 December 2014 - 02:51 PM

It found nothing. Again, thank you for the help. Here is the log anyway.

13:46:18.0669 0x1434  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
13:46:40.0598 0x1434  ============================================================
13:46:40.0598 0x1434  Current date / time: 2014/12/23 13:46:40.0598
13:46:40.0598 0x1434  SystemInfo:
13:46:40.0598 0x1434  
13:46:40.0598 0x1434  OS Version: 6.1.7601 ServicePack: 1.0
13:46:40.0598 0x1434  Product type: Workstation
13:46:40.0598 0x1434  ComputerName: OWNER-PC
13:46:40.0598 0x1434  UserName: owner
13:46:40.0598 0x1434  Windows directory: C:\Windows
13:46:40.0598 0x1434  System windows directory: C:\Windows
13:46:40.0598 0x1434  Processor architecture: Intel x86
13:46:40.0598 0x1434  Number of processors: 2
13:46:40.0598 0x1434  Page size: 0x1000
13:46:40.0598 0x1434  Boot type: Normal boot
13:46:40.0598 0x1434  ============================================================
13:46:43.0720 0x1434  KLMD registered as C:\Windows\system32\drivers\13342765.sys
13:46:45.0126 0x1434  System UUID: {CD183038-62F3-3044-58F8-6120278F0065}
13:46:48.0310 0x1434  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:46:48.0362 0x1434  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:46:48.0392 0x1434  ============================================================
13:46:48.0392 0x1434  \Device\Harddisk0\DR0:
13:46:48.0412 0x1434  MBR partitions:
13:46:48.0412 0x1434  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:46:48.0412 0x1434  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
13:46:48.0412 0x1434  \Device\Harddisk1\DR1:
13:46:48.0412 0x1434  MBR partitions:
13:46:48.0412 0x1434  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:46:48.0412 0x1434  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
13:46:48.0412 0x1434  ============================================================
13:46:48.0504 0x1434  C: <-> \Device\Harddisk0\DR0\Partition2
13:46:48.0544 0x1434  E: <-> \Device\Harddisk1\DR1\Partition1
13:46:48.0594 0x1434  F: <-> \Device\Harddisk1\DR1\Partition2
13:46:48.0594 0x1434  ============================================================
13:46:48.0594 0x1434  Initialize success
13:46:48.0594 0x1434  ============================================================
13:47:14.0916 0x17dc  ============================================================
13:47:14.0916 0x17dc  Scan started
13:47:14.0916 0x17dc  Mode: Manual;
13:47:14.0916 0x17dc  ============================================================
13:47:14.0916 0x17dc  KSN ping started
13:47:29.0283 0x17dc  KSN ping finished: true
13:47:32.0076 0x17dc  ================ Scan system memory ========================
13:47:32.0076 0x17dc  System memory - ok
13:47:32.0076 0x17dc  ================ Scan services =============================
13:47:36.0475 0x17dc  bowser - ok
13:47:36.0506 0x17dc  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:47:36.0506 0x17dc  BrFiltLo - ok
13:47:36.0522 0x17dc  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:47:36.0537 0x17dc  BrFiltUp - ok
13:47:36.0553 0x17dc  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
13:47:36.0568 0x17dc  Browser - ok
13:47:36.0615 0x17dc  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:47:36.0615 0x17dc  Brserid - ok
13:47:36.0646 0x17dc  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:47:36.0646 0x17dc  BrSerWdm - ok
13:47:36.0662 0x17dc  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:47:36.0662 0x17dc  BrUsbMdm - ok
13:47:36.0678 0x17dc  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:47:36.0678 0x17dc  BrUsbSer - ok
13:47:36.0834 0x17dc  [ 9D7BF8AB181DA27E2C13F701FCD5BD2F, 10EC68CA7DF602630853D77CD15252CFB48A1BCC37221E6AF0CC3580C39AB38A ] BstHdAndroidSvc C:\Program Files\BlueStacks\HD-Service.exe
13:47:36.0865 0x17dc  BstHdAndroidSvc - ok
13:47:36.0927 0x17dc  [ 75D81FE30E0FE8CDCCA6A63C760035B0, AA5903FAF22302E7CBF1F21B0574500E39831A19510CD20228095E80ED2D8762 ] BstHdDrv        C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys
13:47:36.0943 0x17dc  BstHdDrv - ok
13:47:36.0990 0x17dc  [ 15C160D8419F9FE74161B88B6A8EB799, AFA2E8848A4271A1FDCC89EA7E5FC06BC4FFA162AC88C18C0E888AD3042956D0 ] BstHdLogRotatorSvc C:\Program Files\BlueStacks\HD-LogRotatorService.exe
13:47:37.0005 0x17dc  BstHdLogRotatorSvc - ok
13:47:37.0036 0x17dc  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:47:37.0036 0x17dc  BTHMODEM - ok
13:47:37.0099 0x17dc  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
13:47:37.0114 0x17dc  bthserv - ok
13:47:37.0161 0x17dc  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:47:37.0161 0x17dc  cdfs - ok
13:47:37.0208 0x17dc  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:47:37.0208 0x17dc  cdrom - ok
13:47:37.0255 0x17dc  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:47:37.0270 0x17dc  CertPropSvc - ok
13:47:37.0302 0x17dc  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:47:37.0302 0x17dc  circlass - ok
13:47:37.0333 0x17dc  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
13:47:37.0333 0x17dc  CLFS - ok
13:47:37.0411 0x17dc  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:47:37.0426 0x17dc  clr_optimization_v2.0.50727_32 - ok
13:47:37.0489 0x17dc  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:47:37.0536 0x17dc  clr_optimization_v4.0.30319_32 - ok
13:47:37.0582 0x17dc  [ FA930A2F1425F6407E1FA9A3EAB43D0D, 2011E8EF46F67765EBF5209495E8965B0E14A8009D624164C53AE2D39DA3EF14 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
13:47:37.0582 0x17dc  clwvd - ok
13:47:37.0614 0x17dc  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:47:37.0614 0x17dc  CmBatt - ok
13:47:37.0645 0x17dc  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:47:37.0645 0x17dc  cmdide - ok
13:47:37.0723 0x17dc  [ 247B4CE2DAB1160CD422D532D5241E1F, CFE04DBE48B23B084C3F4C3D0F483B26F322E4693176D8739A412BE5D8BE597E ] CNG             C:\Windows\system32\Drivers\cng.sys
13:47:37.0723 0x17dc  CNG - ok
13:47:37.0816 0x17dc  [ F9A79C5B27037821112C50A9C8FB367A, D9990AE1A0CA767E54C9D3FD2C6EA2A068DFD5A270102E915F71648A0C59097B ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:47:37.0832 0x17dc  Com4QLBEx - ok
13:47:37.0848 0x17dc  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:47:37.0848 0x17dc  Compbatt - ok
13:47:37.0894 0x17dc  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:47:37.0894 0x17dc  CompositeBus - ok
13:47:37.0926 0x17dc  COMSysApp - ok
13:47:37.0941 0x17dc  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:47:37.0957 0x17dc  crcdisk - ok
13:47:38.0004 0x17dc  [ 06E771AA596B8761107AB57E99F128D7, 877B990BCBD32B732471AC0DDDD87629F7B073F97BCAC844F11FAB205A9F8719 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:47:38.0019 0x17dc  CryptSvc - ok
13:47:38.0066 0x17dc  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
13:47:38.0082 0x17dc  CSC - ok
13:47:38.0128 0x17dc  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
13:47:38.0144 0x17dc  CscService - ok
13:47:38.0238 0x17dc  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:47:38.0253 0x17dc  DcomLaunch - ok
13:47:38.0300 0x17dc  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
13:47:38.0300 0x17dc  defragsvc - ok
13:47:38.0347 0x17dc  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:47:38.0362 0x17dc  DfsC - ok
13:47:38.0425 0x17dc  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:47:38.0440 0x17dc  Dhcp - ok
13:47:38.0472 0x17dc  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
13:47:38.0472 0x17dc  discache - ok
13:47:38.0518 0x17dc  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
13:47:38.0518 0x17dc  Disk - ok
13:47:38.0550 0x17dc  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
13:47:38.0565 0x17dc  dmvsc - ok
13:47:38.0596 0x17dc  [ 2FE30D71919C51131405797620E0A714, 16060DDC32EF95EB6E37B91D50A96AB53CB0DEBB3DFDCB31975D16361092ABA5 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:47:38.0612 0x17dc  Dnscache - ok
13:47:38.0643 0x17dc  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:47:38.0643 0x17dc  dot3svc - ok
13:47:38.0690 0x17dc  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
13:47:38.0690 0x17dc  DPS - ok
13:47:38.0721 0x17dc  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:47:38.0721 0x17dc  drmkaud - ok
13:47:38.0768 0x17dc  [ 23F5D28378A160352BA8F817BD8C71CB, 11BF7B7E6276C28EFF74B8AF89B493CBB89B394D2A091708EDA15DA5C342FF19 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:47:38.0799 0x17dc  DXGKrnl - ok
13:47:38.0830 0x17dc  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
13:47:38.0846 0x17dc  EapHost - ok
13:47:38.0986 0x17dc  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
13:47:39.0080 0x17dc  ebdrv - ok
13:47:39.0127 0x17dc  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] EFS             C:\Windows\System32\lsass.exe
13:47:39.0127 0x17dc  EFS - ok
13:47:39.0252 0x17dc  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:47:39.0267 0x17dc  ehRecvr - ok
13:47:39.0298 0x17dc  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
13:47:39.0298 0x17dc  ehSched - ok
13:47:39.0345 0x17dc  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:47:39.0361 0x17dc  elxstor - ok
13:47:39.0423 0x17dc  [ 70C764BFE0EC4B1B242E9626D3564443, F5019EAB779A4428D4662EB0B222E3DAE953CC702FBEDFC344D8EAD32A9C182B ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
13:47:39.0423 0x17dc  enecir - ok
13:47:39.0470 0x17dc  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:47:39.0470 0x17dc  ErrDev - ok
13:47:39.0532 0x17dc  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
13:47:39.0548 0x17dc  EventSystem - ok
13:47:39.0579 0x17dc  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:47:39.0595 0x17dc  exfat - ok
13:47:39.0610 0x17dc  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:47:39.0610 0x17dc  fastfat - ok
13:47:39.0657 0x17dc  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
13:47:39.0673 0x17dc  Fax - ok
13:47:39.0704 0x17dc  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
13:47:39.0704 0x17dc  fdc - ok
13:47:39.0735 0x17dc  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
13:47:39.0735 0x17dc  fdPHost - ok
13:47:39.0751 0x17dc  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:47:39.0751 0x17dc  FDResPub - ok
13:47:39.0766 0x17dc  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:47:39.0782 0x17dc  FileInfo - ok
13:47:39.0798 0x17dc  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:47:39.0798 0x17dc  Filetrace - ok
13:47:39.0829 0x17dc  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:47:39.0844 0x17dc  flpydisk - ok
13:47:39.0860 0x17dc  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:47:39.0876 0x17dc  FltMgr - ok
13:47:39.0938 0x17dc  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
13:47:39.0969 0x17dc  FontCache - ok
13:47:40.0063 0x17dc  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:47:40.0078 0x17dc  FontCache3.0.0.0 - ok
13:47:40.0203 0x17dc  [ 01D875EF64B187F8C0775E2616AD56A4, F287E5F5D85BF2E10F5D6E124574FC7B294443F38B54EF20614B9589459BADC2 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
13:47:40.0219 0x17dc  Freemake Improver - ok
13:47:40.0281 0x17dc  [ BDF9B38E0331115B3D94157BAF368408, 9F01AB78441B04027D3C662503EAF0B20F6DC9F16A5AD82B000294454B2B12B3 ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
13:47:40.0281 0x17dc  FreemakeVideoCapture - ok
13:47:40.0344 0x17dc  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:47:40.0359 0x17dc  FsDepends - ok
13:47:40.0390 0x17dc  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:47:40.0390 0x17dc  Fs_Rec - ok
13:47:40.0453 0x17dc  [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:47:40.0453 0x17dc  fvevol - ok
13:47:40.0484 0x17dc  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:47:40.0484 0x17dc  gagp30kx - ok
13:47:40.0515 0x17dc  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:47:40.0515 0x17dc  GEARAspiWDM - ok
13:47:40.0593 0x17dc  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:47:40.0640 0x17dc  gpsvc - ok
13:47:40.0734 0x17dc  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
13:47:40.0749 0x17dc  gupdate - ok
13:47:40.0765 0x17dc  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:47:40.0780 0x17dc  gupdatem - ok
13:47:40.0827 0x17dc  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:47:40.0827 0x17dc  hcw85cir - ok
13:47:40.0890 0x17dc  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:47:40.0905 0x17dc  HdAudAddService - ok
13:47:40.0936 0x17dc  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:47:40.0952 0x17dc  HDAudBus - ok
13:47:40.0968 0x17dc  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:47:40.0968 0x17dc  HidBatt - ok
13:47:40.0983 0x17dc  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:47:40.0983 0x17dc  HidBth - ok
13:47:40.0999 0x17dc  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:47:40.0999 0x17dc  HidIr - ok
13:47:41.0046 0x17dc  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
13:47:41.0061 0x17dc  hidserv - ok
13:47:41.0108 0x17dc  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:47:41.0108 0x17dc  HidUsb - ok
13:47:41.0155 0x17dc  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:47:41.0170 0x17dc  hkmsvc - ok
13:47:41.0202 0x17dc  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:47:41.0217 0x17dc  HomeGroupListener - ok
13:47:41.0248 0x17dc  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:47:41.0264 0x17dc  HomeGroupProvider - ok
13:47:41.0311 0x17dc  [ 1210960FF8928950D2A786895B0C424A, 22C8785E024CFDD3A43FAEAAA96B8332C37E9B6C765AB7AFBCD3DAA2DC9EFFC7 ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
13:47:41.0311 0x17dc  HpqKbFiltr - ok
13:47:41.0373 0x17dc  [ FDF273A845F1FFCCEADF363AAF47582F, 9BB99346A977225EF77261CD3CF4219A238EB06FFE2DB91D00A0037BDCFECEF1 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
13:47:41.0389 0x17dc  hpqwmiex - ok
13:47:41.0420 0x17dc  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:47:41.0436 0x17dc  HpSAMD - ok
13:47:41.0498 0x17dc  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:47:41.0560 0x17dc  HTTP - ok
13:47:41.0576 0x17dc  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:47:41.0576 0x17dc  hwpolicy - ok
13:47:41.0623 0x17dc  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:47:41.0638 0x17dc  i8042prt - ok
13:47:41.0670 0x17dc  [ A3CAE5D281DB4CFF7CFF8233507EE5AD, 2666107220B9F301193F2CF85A3D6B09E6E42CC150152D10A8886E47A3FD9B0D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:47:41.0701 0x17dc  iaStorV - ok
13:47:41.0810 0x17dc  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:47:41.0841 0x17dc  idsvc - ok
13:47:41.0872 0x17dc  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:47:41.0888 0x17dc  iirsp - ok
13:47:41.0982 0x17dc  [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:47:42.0013 0x17dc  IKEEXT - ok
13:47:42.0044 0x17dc  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:47:42.0044 0x17dc  intelide - ok
13:47:42.0091 0x17dc  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\drivers\intelppm.sys
13:47:42.0091 0x17dc  intelppm - ok
13:47:42.0138 0x17dc  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:47:42.0153 0x17dc  IPBusEnum - ok
13:47:42.0184 0x17dc  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:47:42.0184 0x17dc  IpFilterDriver - ok
13:47:42.0247 0x17dc  [ 4D65A07B795D6674312F879D09AA7663, 8D72FE0B51A6FF71F85D2602DB3AE91C8749F70869B6789552F047BA81411EDA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:47:42.0262 0x17dc  iphlpsvc - ok
13:47:42.0309 0x17dc  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:47:42.0309 0x17dc  IPMIDRV - ok
13:47:42.0340 0x17dc  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:47:42.0356 0x17dc  IPNAT - ok
13:47:42.0496 0x17dc  [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:47:42.0512 0x17dc  iPod Service - ok
13:47:42.0543 0x17dc  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:47:42.0543 0x17dc  IRENUM - ok
13:47:42.0574 0x17dc  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:47:42.0590 0x17dc  isapnp - ok
13:47:42.0606 0x17dc  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:47:42.0621 0x17dc  iScsiPrt - ok
13:47:42.0684 0x17dc  [ 8C17DEB1995E593853373C30485E7368, EBD4CE3CF6CD2E020EF9F8290EE644AA2379DA98A0E73288782C5A10A3D89565 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
13:47:42.0715 0x17dc  JMCR - ok
13:47:42.0746 0x17dc  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:47:42.0746 0x17dc  kbdclass - ok
13:47:42.0777 0x17dc  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:47:42.0793 0x17dc  kbdhid - ok
13:47:42.0808 0x17dc  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] KeyIso          C:\Windows\system32\lsass.exe
13:47:42.0808 0x17dc  KeyIso - ok
13:47:42.0840 0x17dc  [ B7895B4182C0D16F6EFADEB8081E8D36, BAC3BAD22207C8826125FD7721C96F2C7A238960FD9398A3D4573E14648E9DB9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:47:42.0840 0x17dc  KSecDD - ok
13:47:42.0902 0x17dc  [ D30159AC9237519FBC62C6EC247D2D46, 10BDE041C95D0CCD3591ED497002043FEC3A5F732D7AE311FBA457E0FE16CE4B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:47:42.0918 0x17dc  KSecPkg - ok
13:47:42.0964 0x17dc  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:47:42.0996 0x17dc  KtmRm - ok
13:47:43.0042 0x17dc  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:47:43.0058 0x17dc  LanmanServer - ok
13:47:43.0105 0x17dc  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:47:43.0120 0x17dc  LanmanWorkstation - ok
13:47:43.0198 0x17dc  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:47:43.0198 0x17dc  lltdio - ok
13:47:43.0276 0x17dc  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:47:43.0308 0x17dc  lltdsvc - ok
13:47:43.0339 0x17dc  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:47:43.0339 0x17dc  lmhosts - ok
13:47:43.0370 0x17dc  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:47:43.0386 0x17dc  LSI_FC - ok
13:47:43.0417 0x17dc  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:47:43.0417 0x17dc  LSI_SAS - ok
13:47:43.0432 0x17dc  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:47:43.0432 0x17dc  LSI_SAS2 - ok
13:47:43.0448 0x17dc  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:47:43.0448 0x17dc  LSI_SCSI - ok
13:47:43.0479 0x17dc  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:47:43.0479 0x17dc  luafv - ok
13:47:43.0526 0x17dc  [ A3F4391DFDF2F9E9FE4EAD193265A5AD, A60A1A345622F4758181FB0B6EE784B0B718105FEE7B0F6FEDE5AD59FE448EE1 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:47:43.0542 0x17dc  MBAMProtector - ok
13:47:43.0713 0x17dc  [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler   C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
13:47:43.0760 0x17dc  MBAMScheduler - ok
13:47:43.0822 0x17dc  [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
13:47:43.0869 0x17dc  MBAMService - ok
13:47:43.0963 0x17dc  [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
13:47:43.0978 0x17dc  MBAMSwissArmy - ok
13:47:44.0010 0x17dc  [ 312CD3307F600E7CD340B79B3DCB3A01, 861A6DFC53C69743129DAAFE73DECDE8D842475503E8D713E7CE5D22AC8D1370 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
13:47:44.0010 0x17dc  MBAMWebAccessControl - ok
13:47:44.0056 0x17dc  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:47:44.0088 0x17dc  Mcx2Svc - ok
13:47:44.0134 0x17dc  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:47:44.0134 0x17dc  megasas - ok
13:47:52.0714 0x17dc  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:47:52.0714 0x17dc  TDTCP - ok
13:47:52.0730 0x17dc  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:47:52.0730 0x17dc  tdx - ok
13:47:52.0917 0x17dc  [ 2BBB318EA9F34FDC508CEA4AAB98D770, AA98BDB7677A452E38DB207E09A522C558F9E09DE43A57D24CD776C6248CC015 ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
13:47:53.0026 0x17dc  TeamViewer7 - ok
13:47:53.0073 0x17dc  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:47:53.0073 0x17dc  TermDD - ok
13:47:53.0104 0x17dc  [ 052306FD76793D5D5AB5D9891FD1ADBB, A590F01A42EC979664044B811E7C98F58D6A23AA025B5A1DD0E5F63BF70B2649 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
13:47:53.0120 0x17dc  terminpt - ok
13:47:53.0151 0x17dc  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
13:47:53.0182 0x17dc  TermService - ok
13:47:53.0214 0x17dc  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
13:47:53.0229 0x17dc  Themes - ok
13:47:53.0260 0x17dc  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
13:47:53.0276 0x17dc  THREADORDER - ok
13:47:53.0307 0x17dc  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
13:47:53.0338 0x17dc  TrkWks - ok
13:47:53.0416 0x17dc  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:47:53.0432 0x17dc  TrustedInstaller - ok
13:47:53.0463 0x17dc  [ 254BB140EEE3C59D6114C1A86B636877, EE09D62E90407A40278F2136F640DAB16A4E2BF57D4FB6E05F92CA9CC9CF57C0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:47:53.0463 0x17dc  tssecsrv - ok
13:47:53.0479 0x17dc  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:47:53.0479 0x17dc  TsUsbFlt - ok
13:47:53.0510 0x17dc  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:47:53.0526 0x17dc  TsUsbGD - ok
13:47:53.0541 0x17dc  [ 045ACB987C650D8186C6B4A692223860, C1CDDF7DABAE531C53290C7C70F35DD65751B399D269711865AD65F9E4E43B0B ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
13:47:53.0557 0x17dc  tsusbhub - ok
13:47:53.0604 0x17dc  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:47:53.0604 0x17dc  tunnel - ok
13:47:53.0635 0x17dc  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:47:53.0635 0x17dc  uagp35 - ok
13:47:53.0666 0x17dc  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:47:53.0682 0x17dc  udfs - ok
13:47:53.0713 0x17dc  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:47:53.0728 0x17dc  UI0Detect - ok
13:47:53.0775 0x17dc  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:47:53.0775 0x17dc  uliagpkx - ok
13:47:53.0822 0x17dc  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:47:53.0822 0x17dc  umbus - ok
13:47:53.0853 0x17dc  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:47:53.0853 0x17dc  UmPass - ok
13:47:53.0916 0x17dc  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:47:53.0916 0x17dc  UmRdpService - ok
13:47:53.0994 0x17dc  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
13:47:54.0009 0x17dc  upnphost - ok
13:47:54.0056 0x17dc  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
13:47:54.0072 0x17dc  USBAAPL - ok
13:47:54.0118 0x17dc  [ 1D9F2BD026E8E2D45033A4DF3F16B78C, 72603E0A614F382AF69972F0930FD168B805922599DB9A7410B20CB391A9B933 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:47:54.0118 0x17dc  usbaudio - ok
13:47:54.0150 0x17dc  [ 7E72E7D7E0757D59481D530FD2B0BFAE, 288CAC9F4AC09DEB2B30C6E3A6ACF8D62A75576F62F0EC159D5E1B257419E9DC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:47:54.0165 0x17dc  usbccgp - ok
13:47:54.0196 0x17dc  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:47:54.0196 0x17dc  usbcir - ok
13:47:54.0228 0x17dc  [ CFBCE999C057D78979A181C9C60F208E, D60698EAA8A085214D5945818B0863976CF116EBE523046C344AF4E9392FDF80 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:47:54.0228 0x17dc  usbehci - ok
13:47:54.0259 0x17dc  [ 9D22AAD9AC6A07C691A1113E5F860868, AC34D36DBB5649650FCD873A792CA1387AE841D4C46781C63C0D29834F9B58E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:47:54.0274 0x17dc  usbhub - ok
13:47:54.0290 0x17dc  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
13:47:54.0290 0x17dc  usbohci - ok
13:47:54.0321 0x17dc  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:47:54.0337 0x17dc  usbprint - ok
13:47:54.0384 0x17dc  [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:47:54.0399 0x17dc  usbscan - ok
13:47:54.0446 0x17dc  [ BF63EBFC6979FEFB2BC03DF7989A0C1A, AFEF764A3E5D52CDBB5074F0E87F2B5EBCDF8D9B6E8F88EE235602B80145BE31 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:47:54.0446 0x17dc  USBSTOR - ok
13:47:54.0462 0x17dc  [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:47:54.0462 0x17dc  usbuhci - ok
13:47:54.0493 0x17dc  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2, F9B72DE82078FDB5551D48988190F46EECA9B99655C591B7865FEA1AFB31F637 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:47:54.0508 0x17dc  usbvideo - ok
13:47:54.0540 0x17dc  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
13:47:54.0540 0x17dc  UxSms - ok
13:47:54.0555 0x17dc  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] VaultSvc        C:\Windows\system32\lsass.exe
13:47:54.0571 0x17dc  VaultSvc - ok
13:47:54.0602 0x17dc  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:47:54.0602 0x17dc  vdrvroot - ok
13:47:54.0649 0x17dc  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
13:47:54.0680 0x17dc  vds - ok
13:47:54.0711 0x17dc  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:47:54.0711 0x17dc  vga - ok
13:47:54.0727 0x17dc  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:47:54.0727 0x17dc  VgaSave - ok
13:47:54.0742 0x17dc  VGPU - ok
13:47:54.0774 0x17dc  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:47:54.0774 0x17dc  vhdmp - ok
13:47:54.0820 0x17dc  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:47:54.0820 0x17dc  viaagp - ok
13:47:54.0836 0x17dc  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:47:54.0836 0x17dc  ViaC7 - ok
13:47:54.0852 0x17dc  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:47:54.0852 0x17dc  viaide - ok
13:47:54.0898 0x17dc  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:47:54.0898 0x17dc  vmbus - ok
13:47:54.0914 0x17dc  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:47:54.0914 0x17dc  VMBusHID - ok
13:47:54.0930 0x17dc  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:47:54.0945 0x17dc  volmgr - ok
13:47:54.0961 0x17dc  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:47:54.0976 0x17dc  volmgrx - ok
13:47:54.0992 0x17dc  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:47:55.0008 0x17dc  volsnap - ok
13:47:55.0039 0x17dc  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:47:55.0039 0x17dc  vsmraid - ok
13:47:55.0132 0x17dc  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
13:47:55.0164 0x17dc  VSS - ok
13:47:55.0195 0x17dc  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:47:55.0195 0x17dc  vwifibus - ok
13:47:55.0242 0x17dc  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:47:55.0242 0x17dc  vwififlt - ok
13:47:55.0273 0x17dc  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
13:47:55.0288 0x17dc  W32Time - ok
13:47:55.0304 0x17dc  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:47:55.0304 0x17dc  WacomPen - ok
13:47:55.0335 0x17dc  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:47:55.0335 0x17dc  WANARP - ok
13:47:55.0335 0x17dc  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:47:55.0351 0x17dc  Wanarpv6 - ok
13:47:55.0476 0x17dc  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:47:55.0507 0x17dc  WatAdminSvc - ok
13:47:55.0600 0x17dc  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
13:47:55.0647 0x17dc  wbengine - ok
13:47:55.0678 0x17dc  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:47:55.0694 0x17dc  WbioSrvc - ok
13:47:55.0725 0x17dc  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:47:55.0741 0x17dc  wcncsvc - ok
13:47:55.0756 0x17dc  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:47:55.0756 0x17dc  WcsPlugInService - ok
13:47:55.0788 0x17dc  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
13:47:55.0803 0x17dc  Wd - ok
13:47:55.0819 0x17dc  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:47:55.0834 0x17dc  Wdf01000 - ok
13:47:55.0866 0x17dc  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:47:55.0866 0x17dc  WdiServiceHost - ok
13:47:55.0881 0x17dc  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:47:55.0881 0x17dc  WdiSystemHost - ok
13:47:55.0928 0x17dc  [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient       C:\Windows\System32\webclnt.dll
13:47:55.0944 0x17dc  WebClient - ok
13:47:55.0975 0x17dc  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:47:55.0990 0x17dc  Wecsvc - ok
13:47:56.0006 0x17dc  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:47:56.0022 0x17dc  wercplsupport - ok
13:47:56.0053 0x17dc  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
13:47:56.0053 0x17dc  WerSvc - ok
13:47:56.0100 0x17dc  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:47:56.0100 0x17dc  WfpLwf - ok
13:47:56.0131 0x17dc  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:47:56.0146 0x17dc  WIMMount - ok
13:47:56.0256 0x17dc  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:47:56.0271 0x17dc  WinDefend - ok
13:47:56.0287 0x17dc  WinHttpAutoProxySvc - ok
13:47:56.0365 0x17dc  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:47:56.0380 0x17dc  Winmgmt - ok
13:47:56.0505 0x17dc  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
13:47:56.0583 0x17dc  WinRM - ok
13:47:56.0646 0x17dc  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:47:56.0646 0x17dc  WinUsb - ok
13:47:56.0739 0x17dc  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:47:56.0802 0x17dc  Wlansvc - ok
13:47:56.0833 0x17dc  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:47:56.0833 0x17dc  WmiAcpi - ok
13:47:56.0880 0x17dc  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:47:56.0880 0x17dc  wmiApSrv - ok
13:47:57.0004 0x17dc  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:47:57.0036 0x17dc  WMPNetworkSvc - ok
13:47:57.0067 0x17dc  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:47:57.0082 0x17dc  WPCSvc - ok
13:47:57.0114 0x17dc  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:47:57.0129 0x17dc  WPDBusEnum - ok
13:47:57.0176 0x17dc  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:47:57.0176 0x17dc  ws2ifsl - ok
13:47:57.0207 0x17dc  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:47:57.0207 0x17dc  wscsvc - ok
13:47:57.0223 0x17dc  WSearch - ok
13:47:57.0332 0x17dc  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:47:57.0394 0x17dc  wuauserv - ok
13:47:57.0457 0x17dc  [ E714A1C0354636837E20CCBF00888EE7, 0E31F0DB0AA318E3B0DACD26C0D3B11519B42F2A996AE580BE67FA8B3C42C436 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:47:57.0472 0x17dc  WudfPf - ok
13:47:57.0519 0x17dc  [ 1023EE888C9B47178C5293ED5336AB69, 62221C80C3F719A585266247482A64F7CB2F5EF69AFA8FA07D563CA2B0A37561 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:47:57.0535 0x17dc  WUDFRd - ok
13:47:57.0550 0x17dc  [ 8D1E1E529A2C9E9B6A85B55A345F7629, 64B637CFE2AF58A4F7CE6D8C3D603F8EFD527500F7137E0A37840313C712CA93 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:47:57.0566 0x17dc  wudfsvc - ok
13:47:57.0582 0x17dc  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:47:57.0597 0x17dc  WwanSvc - ok
13:47:57.0628 0x17dc  ================ Scan global ===============================
13:47:57.0675 0x17dc  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
13:47:57.0722 0x17dc  [ 48CB4FDBCAAEAC7BCE2F5941545FF071, B10D33F21A8DD82FF908AA6EB4134663C3A846F0EF990CA878AEE1C4B186811A ] C:\Windows\system32\winsrv.dll
13:47:57.0753 0x17dc  [ 48CB4FDBCAAEAC7BCE2F5941545FF071, B10D33F21A8DD82FF908AA6EB4134663C3A846F0EF990CA878AEE1C4B186811A ] C:\Windows\system32\winsrv.dll
13:47:57.0784 0x17dc  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
13:47:57.0847 0x17dc  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
13:47:57.0862 0x17dc  [ Global ] - ok
13:47:57.0862 0x17dc  ================ Scan MBR ==================================
13:47:57.0878 0x17dc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:47:58.0143 0x17dc  \Device\Harddisk0\DR0 - ok
13:47:58.0486 0x17dc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:47:59.0329 0x17dc  \Device\Harddisk1\DR1 - ok
13:47:59.0329 0x17dc  ================ Scan VBR ==================================
13:47:59.0329 0x17dc  [ E5B7E2EE2F48E880C30A8877EDDE2E9A ] \Device\Harddisk0\DR0\Partition1
13:47:59.0344 0x17dc  \Device\Harddisk0\DR0\Partition1 - ok
13:47:59.0344 0x17dc  [ 456A02A15FAB171BAE5D4286AC0E7A1C ] \Device\Harddisk0\DR0\Partition2
13:47:59.0360 0x17dc  \Device\Harddisk0\DR0\Partition2 - ok
13:47:59.0360 0x17dc  [ 237C60C104A9B3BD729177B4289C4498 ] \Device\Harddisk1\DR1\Partition1
13:47:59.0360 0x17dc  \Device\Harddisk1\DR1\Partition1 - ok
13:47:59.0360 0x17dc  [ E9A000DD2DDDA4A8330A32651FCF848D ] \Device\Harddisk1\DR1\Partition2
13:47:59.0376 0x17dc  \Device\Harddisk1\DR1\Partition2 - ok
13:47:59.0376 0x17dc  ================ Scan generic autorun ======================
13:47:59.0438 0x17dc  [ CEFFA4AAA8FEAD0DB83A19D5C38347B2, 018BDA1B579282E181DCB764A539B431403722AAE726CE05CCE9BB7FFBB393FE ] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
13:47:59.0438 0x17dc  QlbCtrl.exe - ok
13:47:59.0797 0x17dc  [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:47:59.0937 0x17dc  AvastUI.exe - ok
13:48:00.0093 0x17dc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:48:00.0156 0x17dc  Sidebar - ok
13:48:00.0202 0x17dc  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:48:00.0218 0x17dc  mctadmin - ok
13:48:00.0296 0x17dc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
13:48:00.0312 0x17dc  Sidebar - ok
13:48:00.0343 0x17dc  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
13:48:00.0358 0x17dc  mctadmin - ok
13:48:00.0358 0x17dc  Waiting for KSN requests completion. In queue: 81
13:48:01.0372 0x17dc  Waiting for KSN requests completion. In queue: 81
13:48:02.0386 0x17dc  Waiting for KSN requests completion. In queue: 81
13:48:04.0071 0x17dc  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
13:48:04.0243 0x17dc  Win FW state via NFP2: enabled
13:48:07.0176 0x17dc  ============================================================
13:48:07.0176 0x17dc  Scan finished
13:48:07.0176 0x17dc  ============================================================
13:48:07.0191 0x1688  Detected object count: 0
13:48:07.0191 0x1688  Actual detected object count: 0
 



#11 oneof4

Posted 23 December 2014 - 03:39 PM

Okay, that's good too!

 

Let's run two more scans to check for left-overs, then we can probably call it good:

Malwarebytes' Anti-Malware

I see you have MBAM installed - I think this is a great program and would like you to run a quick scan at this time.

  • Double-click mbam icon
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button. Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

 

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

==========

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Best Regards,
oneof4.


#12 jimjimrob

Posted 23 December 2014 - 11:23 PM

Done. Sorry for the delay, I made the mistake of unplugging the LAN to use other laptop and let this run on wifi and it took over 4 hours. It seems there are some issues. Mostly false positives from my F: drive recycle bin and such. There are a few that say trojan which were unfound in any other scans/programs. Attached is the malwarebytes log first then the ESET log. I won't try to remove until I hear back.

 

MALWAREBYTES

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/23/2014
Scan Time: 6:19:21 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.23.09
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: owner

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 303782
Time Elapsed: 16 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ESET

 

C:\FRST\Quarantine\C\Users\owner\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe.xBAD    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\794955cd-7e21bbed    Java/Exploit.CVE-2012-1723.IK trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\565a0542-281f8a0f    Java/Exploit.Agent.PJR trojan
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2e5fa4a6-7fa931e7    multiple threats
C:\Users\owner\Downloads\FreemakeVideoDownloaderSetup.exe    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\owner\Downloads\mp3rocket.exe    Win32/MyPCBackup.A potentially unwanted application
C:\Windows\Installer\MSI7E6.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
F:\$Recycle.Bin\S-1-5-21-157120016-4057426049-3184877727-1000\$R1SD52Z.exe    a variant of Win32/Verti.G potentially unwanted application
F:\$Recycle.Bin\S-1-5-21-157120016-4057426049-3184877727-1000\$RE19ZO8.exe    a variant of Win32/Systweak.L potentially unwanted application
F:\$Recycle.Bin\S-1-5-21-157120016-4057426049-3184877727-1000\$RQ5154M.exe    a variant of Win32/Systweak.L potentially unwanted application
F:\$Recycle.Bin\S-1-5-21-157120016-4057426049-3184877727-1000\$RU83MEU.exe    a variant of Win32/Systweak.L potentially unwanted application
F:\$Recycle.Bin\S-1-5-21-157120016-4057426049-3184877727-1000\$RVGKI9S.dll    Win32/Wajam.A potentially unwanted application
F:\$Recycle.Bin\S-1-5-21-157120016-4057426049-3184877727-1000\$RXP3HZR.exe    a variant of Win32/Verti.G potentially unwanted application
F:\Program Files\Ask.com\GenericAskToolbar.dll    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Program Files\Ask.com\precache.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Program Files\Ask.com\SaUpdate.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Program Files\Ask.com\Updater\Updater.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Program Files\Ask.com\UpdateTask.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application
F:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application
F:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe    a variant of Win32/Systweak.L potentially unwanted application
F:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    a variant of Win32/Systweak potentially unwanted application
F:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application
F:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application
F:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Cache\f_001239    a variant of Win32/Verti.G potentially unwanted application
F:\Users\owner\AppData\Local\Temp\nsgE311.tmp\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Users\owner\AppData\Local\Temp\nsgE311.tmp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Users\owner\AppData\Local\Temp\nsgE311.tmp\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Users\owner\AppData\Local\Temp\nshA678.tmp\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Users\owner\AppData\Local\Temp\nshA678.tmp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Users\owner\AppData\Local\Temp\nshA678.tmp\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Users\owner\AppData\Local\Temp\nshA678.tmp\SearchResults.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Users\owner\AppData\Local\Temp\Phx4BDE.exe    Win32/Wajam.C potentially unwanted application
F:\Users\owner\AppData\Local\Temp\PhxE954.exe    a variant of Win32/Toolbar.Linkury.E potentially unwanted application
F:\Users\owner\AppData\Local\Temp\smartbar\Installer.msi    a variant of MSIL/Toolbar.Linkury.A potentially unwanted application
F:\Users\owner\AppData\Local\Temp\wajam_install.exe    Win32/Wajam.A potentially unwanted application
F:\Users\owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\Users\owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe    Win32/Bundled.Toolbar.Ask.H potentially unsafe application
F:\Users\owner\AppData\LocalLow\AskToolbar\setup.exe    Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\471fea3-562deb7b    multiple threats
F:\Users\owner\AppData\Roaming\OpenCandy\OpenCandy_DD447C5D070E4288AC178C11E4772E38\LatestDLMgr.exe    a variant of Win32/OpenCandy.A potentially unsafe application
F:\Users\owner\Documents\1TIMESHARE\WEBSITE\WINautomate\network.automations.automate.9.0.0.25.keygen-tsrh.zip    a variant of Win32/Keygen.AN potentially unsafe application
F:\Users\owner\Documents\1TIMESHARE\WEBSITE\WINautomate\Network_Automation_AutoMate_9.0.0.25.rar    a variant of Win32/Keygen.AN potentially unsafe application
F:\Users\owner\Documents\Downloads\Integrated_CT2776682.exe    Win32/Toolbar.Conduit.Y potentially unwanted application
F:\Users\owner\Documents\mp3rocket.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Users\owner\Downloads\KeyFinderInstaller.exe    Win32/OpenCandy potentially unsafe application
F:\Users\owner\Downloads\mp3rocket(2).exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Users\owner\Downloads\mp3rocket.exe    Win32/Somoto.F potentially unwanted application
F:\Users\owner\Downloads\winzip16-32(1).exe    a variant of Win32/Systweak.L potentially unwanted application
F:\Windows\Installer\1f01a32.msi    a variant of Win32/Systweak.L potentially unwanted application
F:\Windows\Installer\dff740f.msi    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
 



#13 oneof4

  • Malware Response Team

Posted 24 December 2014 - 10:29 AM

Well, let's run a couple of other scans that may eliminate some of what ESET discovered for us:

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

==========

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Best Regards,
oneof4.


#14 jimjimrob

  • Topic Starter

Posted 24 December 2014 - 10:55 AM

Here is the AdwCleaner log. I'll run the other now. Thanks again.

The only thing I see is the registry key labeled as Microsoft in HKLM\SOFTWARE. Is that incorrect?

 

 

# AdwCleaner v4.106 - Report created 24/12/2014 at 10:53:49
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Folder Found : C:\Program Files\iMesh Applications
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B0-0409-0000-0000000FF1CE}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16448


-\\ Mozilla Firefox v34.0 (x86 en-US)


-\\ Google Chrome v39.0.2171.95

[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://selltrendwesttimeshare.wordpress.com/?s={searchTerms}
[C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://sellworldmarktimeshare.wordpress.com/?s={searchTerms}

-\\ Opera v0.0.0.0

[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\owner\AppData\Roaming\Opera Software\Opera Stable\preferences] - Found [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe

*************************

AdwCleaner[R0].txt - [3409 octets] - [24/12/2014 10:53:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3469 octets] ##########
 


Edited by jimjimrob, 24 December 2014 - 11:07 AM.


#15 jimjimrob

  • Topic Starter

Posted 24 December 2014 - 11:23 AM

I didn't delete anything from AdwCleaner but ran JRT anyway. Here is the log. It looks like it removed some.

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x86
Ran by owner on Wed 12/24/2014 at 11:13:24.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\asktoolbar_StubInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\asktoolbar_StubInstaller_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Program Files\imesh applications"



~~~ FireFox

Successfully deleted the following from C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\xpewgyh1.default\prefs.js

user_pref("extensions.seoquake.disable-baidu", true);
Emptied folder: C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\xpewgyh1.default\minidumps [23 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/24/2014 at 11:20:14.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 





