Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirected to Fake Adobe Flash updates and suspicious host files


  • This topic is locked This topic is locked
25 replies to this topic

#1 sparklynnprez

sparklynnprez

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 23 January 2015 - 03:19 PM

Hello,

 

I was concerned because my computer sometimes redirects to fake adobe flash download sites. I checked things out with AVG and malwarebytes and found nothing, so I posted in "Am I Infected" and we found some suspicious entries in the "hosts" log. My original thread is here.

 

This is my work computer - I was worried there was some kind of router issue, but I'm not really sure what's going on. I try to keep my coworkers from downloading malware to my best ability but they still do, so I don't know if this is from something I did or not. :S It is also odd that this is happening, as I recently had a new harddrive installed in this computer due to harddrive failure (about a month and a half ago, roughly). I also use adblock plus and WOT to prevent myself from clicking on anything harmful if at all possible.

 

Sometimes I use my work computer to pay bills if I forgot at home (usually during lunch! I promise!) -- should I cancel my credit cards?

 

Summary of what we already used:

 

-AVG (free, no viruses detected )

-Malwarebytes (with chameleon, no malware detected)

-ADwCleaner - some items deleted

-Minitoolbox, just checking for hosts, items detected. 

 

I have followed all the prep instructions so here they are:

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by AcerPC (administrator) on SSVNORMANDYSR1 on 23-01-2015 14:14:43
Running from C:\Users\AcerPC\Desktop
Loaded Profiles: AcerPC (Available profiles: AcerPC)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dropbox, Inc.) C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Camera\Camera.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1094781392-2095679774-3273041629-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22058080 2014-10-01] (Skype Technologies S.A.)
Startup: C:\Users\AcerPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1094781392-2095679774-3273041629-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1094781392-2095679774-3273041629-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001 -> {54C4C0A3-D418-44DA-A42B-4F5BEA64CF4E} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-12-05]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-12-03]
CHR Extension: (Google Docs) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Google Drive) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
CHR Extension: (WOT) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-03]
CHR Extension: (YouTube) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Adblock Plus) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-03]
CHR Extension: (Google Search) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (CPDD-Floral) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eleaanohmbjpeldodmjmdiilebpgcalg [2014-12-03]
CHR Extension: (Google Sheets) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-03]
CHR Extension: (Gmail) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-01] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2015-01-05] (RaMMicHaeL)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [347176 2013-08-13] (Acer Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-12-03] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 14:14 - 2015-01-23 14:14 - 00024818 _____ () C:\Users\AcerPC\Desktop\FRST.txt
2015-01-23 14:14 - 2015-01-23 14:14 - 00000000 ____D () C:\FRST
2015-01-23 13:46 - 2015-01-23 13:46 - 00000000 ___SH () C:\DkHyperbootSync
2015-01-23 13:09 - 2015-01-23 13:09 - 02126848 _____ (Farbar) C:\Users\AcerPC\Desktop\FRST64.exe
2015-01-23 12:49 - 2015-01-23 12:49 - 00001364 _____ () C:\Users\AcerPC\Desktop\Result.txt
2015-01-23 12:48 - 2015-01-23 12:48 - 00401920 _____ (Farbar) C:\Users\AcerPC\Desktop\MiniToolBox.exe
2015-01-22 16:32 - 2015-01-22 16:32 - 00075000 _____ () C:\Users\AcerPC\Downloads\PGRDeclarationsPage.html
2015-01-22 16:11 - 2015-01-22 17:31 - 00000000 ____D () C:\AdwCleaner
2015-01-22 16:10 - 2015-01-22 16:10 - 02186752 _____ () C:\Users\AcerPC\Downloads\AdwCleaner.exe
2015-01-22 16:10 - 2015-01-22 16:10 - 02186752 _____ () C:\Users\AcerPC\Desktop\AdwCleaner (1).exe
2015-01-22 14:41 - 2015-01-22 08:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\AcerPC\Desktop\TDSSKiller.exe
2015-01-22 14:40 - 2015-01-22 14:40 - 04176437 _____ () C:\Users\AcerPC\Downloads\tdsskiller.zip
2015-01-22 14:40 - 2015-01-22 08:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\AcerPC\Downloads\TDSSKiller.exe
2015-01-15 16:18 - 2015-01-15 16:18 - 00000000 ____D () C:\KMUPDcache
2015-01-14 15:23 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:23 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:23 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 15:23 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 15:23 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 15:23 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 15:23 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:23 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 15:23 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 15:23 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 15:23 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 15:23 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 15:23 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 15:23 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 15:23 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 15:23 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 15:23 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 15:23 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 15:23 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 15:23 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 15:23 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 15:23 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 15:23 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 15:23 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 10:44 - 2015-01-12 10:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-12 10:44 - 2015-01-12 10:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-01-09 14:43 - 2015-01-15 16:18 - 00000000 ____D () C:\Program Files\KONICA MINOLTA
2015-01-09 14:41 - 2007-11-16 07:57 - 00017408 _____ () C:\Windows\system32\KOBJKA_L.DLL
2015-01-09 14:41 - 2007-11-08 11:15 - 00015360 _____ () C:\Windows\system32\KOBJKJ_L.DLL
2015-01-09 10:30 - 2015-01-09 14:48 - 00000000 ____D () C:\Users\AcerPC\Downloads\biz 20 driver
2015-01-09 10:29 - 2015-01-09 14:41 - 00000000 ____D () C:\Users\AcerPC\Downloads\color driver
2015-01-08 12:49 - 2014-11-14 14:12 - 00000000 ____D () C:\Users\AcerPC\Downloads\KM_UniversalDriver_PS_v2.60.0.0_x86
2015-01-08 11:17 - 2015-01-08 11:20 - 70956112 _____ () C:\Users\AcerPC\Downloads\KM_UniversalDriver_PS_v2.60.0.0_x86.zip
2015-01-06 11:04 - 2015-01-06 11:07 - 00000000 ____D () C:\Users\AcerPC\Downloads\Translation
2015-01-05 09:46 - 2015-01-05 09:46 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 14:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-23 13:53 - 2014-10-29 11:25 - 01678900 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 13:44 - 2014-11-19 14:39 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00438f8e6ccbf.job
2015-01-23 13:44 - 2014-11-05 14:26 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 13:09 - 2014-02-28 08:00 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 12:48 - 2014-11-18 12:13 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Skype
2015-01-23 10:18 - 2014-12-03 14:40 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-23 10:15 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-23 10:13 - 2014-12-03 14:33 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Dropbox
2015-01-23 10:13 - 2014-12-03 13:36 - 00000000 ___RD () C:\Users\AcerPC\Dropbox
2015-01-23 10:13 - 2014-11-19 14:39 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00438f82443a8.job
2015-01-23 10:13 - 2014-11-05 14:26 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 17:32 - 2014-02-28 07:52 - 00068474 _____ () C:\Windows\PFRO.log
2015-01-22 17:32 - 2013-08-22 08:46 - 00021293 _____ () C:\Windows\setupact.log
2015-01-22 17:32 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 17:31 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-22 13:42 - 2014-12-03 14:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 13:31 - 2014-12-03 14:37 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-22 10:48 - 2014-10-29 13:36 - 00000000 ____D () C:\Users\AcerPC\AppData\Local\Pokki
2015-01-21 18:15 - 2014-12-05 15:58 - 00000000 ____D () C:\Users\AcerPC\AppData\Local\Microsoft Help
2015-01-21 17:57 - 2014-10-29 16:12 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1094781392-2095679774-3273041629-1001
2015-01-21 15:46 - 2014-11-05 14:26 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-19 18:51 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-16 15:13 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-15 17:41 - 2014-11-05 14:27 - 00000000 ____D () C:\Users\AcerPC\AppData\Local\Adobe
2015-01-15 15:24 - 2014-12-05 16:10 - 00000000 ____D () C:\Users\AcerPC\AppData\Local\Deployment
2015-01-14 17:49 - 2014-12-10 12:49 - 00010340 _____ () C:\Users\AcerPC\Downloads\bills spreadsheet.xlsx
2015-01-13 00:40 - 2014-10-29 13:36 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Adobe
2015-01-12 16:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 10:44 - 2014-12-03 14:43 - 00000945 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-12 10:44 - 2014-12-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-06 10:29 - 2014-10-30 07:19 - 00002299 _____ () C:\Users\AcerPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-01-05 18:08 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 18:08 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 18:02 - 2014-12-03 14:38 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 18:02 - 2014-12-03 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 18:02 - 2014-12-03 14:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 10:51 - 2014-12-03 14:37 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Apple Computer
2015-01-05 09:49 - 2014-12-03 14:34 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-05 09:49 - 2014-12-03 13:36 - 00001036 _____ () C:\Users\AcerPC\Desktop\Dropbox.lnk
 
==================== Files in the root of some directories =======
2014-10-29 12:04 - 2014-10-29 12:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 16:20 - 2014-10-29 16:20 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some content of TEMP:
====================
C:\Users\AcerPC\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\AcerPC\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\AcerPC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsdntti.dll
C:\Users\AcerPC\AppData\Local\Temp\InstallPlugin.exe
C:\Users\AcerPC\AppData\Local\Temp\oct1122.tmp.exe
C:\Users\AcerPC\AppData\Local\Temp\oct19EA.tmp.exe
C:\Users\AcerPC\AppData\Local\Temp\oct9986.tmp.exe
C:\Users\AcerPC\AppData\Local\Temp\ose00000.exe
C:\Users\AcerPC\AppData\Local\Temp\Quarantine.exe
C:\Users\AcerPC\AppData\Local\Temp\sqlite3.dll
C:\Users\AcerPC\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-20 12:58
 
==================== End Of Log ============================

 

Minitoolbox log of hosts (with the problems we found in my "Am I Infected" thread)

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by AcerPC (administrator) on 23-01-2015 at 12:49:43
Running from "C:\Users\AcerPC\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================
 
 
0.0.0.0 0.0.0.0 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
0.0.0.0 cdn.bisrv.com
0.0.0.0 cdn.cdndp.com
0.0.0.0 cdn.download.sweetpacks.com
0.0.0.0 cdn.dpdownload.com
0.0.0.0 cdn.visualbee.net
 
 
 
**** End of log ****
 

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 23 January 2015 - 04:01 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download TDSStdsskiller.pngiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
tdss.gif
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 sparklynnprez

sparklynnprez
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 23 January 2015 - 04:07 PM

Thanks so much for helping me! Here is the TDSSKiller log. It did not find anything. 

 

I also want to warn you that this is my work computer -- I will be leaving here in about 3 hours (6 my time) and won't be able to reply again until Monday morning. I will let you know before I leave and follow every step you give me until then!

 

15:03:47.0688 0x188c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:03:47.0688 0x188c  UEFI system
15:03:50.0410 0x188c  ============================================================
15:03:50.0410 0x188c  Current date / time: 2015/01/23 15:03:50.0410
15:03:50.0410 0x188c  SystemInfo:
15:03:50.0410 0x188c  
15:03:50.0410 0x188c  OS Version: 6.3.9600 ServicePack: 0.0
15:03:50.0410 0x188c  Product type: Workstation
15:03:50.0410 0x188c  ComputerName: SSVNORMANDYSR1
15:03:50.0410 0x188c  UserName: AcerPC
15:03:50.0411 0x188c  Windows directory: C:\Windows
15:03:50.0411 0x188c  System windows directory: C:\Windows
15:03:50.0411 0x188c  Running under WOW64
15:03:50.0411 0x188c  Processor architecture: Intel x64
15:03:50.0411 0x188c  Number of processors: 4
15:03:50.0411 0x188c  Page size: 0x1000
15:03:50.0411 0x188c  Boot type: Normal boot
15:03:50.0411 0x188c  ============================================================
15:03:50.0785 0x188c  KLMD registered as C:\Windows\system32\drivers\78194769.sys
15:03:51.0942 0x188c  System UUID: {0E016C2F-7874-BAF5-1A83-ACFBF7873374}
15:03:52.0707 0x188c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:52.0785 0x188c  Drive \Device\Harddisk1\DR1 - Size: 0x5976F6000 ( 22.37 Gb ), SectorSize: 0x200, Cylinders: 0xB67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:52.0801 0x188c  Drive \Device\Harddisk2\DR2 - Size: 0xE8DED00000 ( 931.48 Gb ), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:03:52.0864 0x188c  ============================================================
15:03:52.0864 0x188c  \Device\Harddisk0\DR0:
15:03:52.0864 0x188c  GPT partitions:
15:03:52.0864 0x188c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {DA395E7C-A774-4C0F-9D03-5C5339EDFDFA}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x12C000
15:03:52.0864 0x188c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B24E4149-70FF-4D54-9742-7B6375571DB5}, Name: EFI system partition, StartLBA 0x12C800, BlocksNum 0x96000
15:03:52.0864 0x188c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {CB6A70DC-E649-4399-B5E7-9470B48939AF}, Name: Microsoft reserved partition, StartLBA 0x1C2800, BlocksNum 0x40000
15:03:52.0864 0x188c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A265170C-FAAF-44BF-BBAC-FC11509C87C4}, Name: Basic data partition, StartLBA 0x202800, BlocksNum 0x37E82800
15:03:52.0864 0x188c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0528C776-BBE6-4752-A71E-99A7D8A5F5A1}, Name: Basic data partition, StartLBA 0x38085000, BlocksNum 0x2301000
15:03:52.0864 0x188c  MBR partitions:
15:03:52.0864 0x188c  \Device\Harddisk1\DR1:
15:03:52.0864 0x188c  GPT partitions:
15:03:52.0864 0x188c  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {B8CB5058-C187-4719-BAF0-379CA2D4C97E}, UniqueGUID: {4613EE39-4727-4347-8134-173F590F716F}, Name: HFS, StartLBA 0x800, BlocksNum 0x2CBA800
15:03:52.0864 0x188c  MBR partitions:
15:03:52.0864 0x188c  \Device\Harddisk2\DR2:
15:03:52.0895 0x188c  MBR partitions:
15:03:52.0895 0x188c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
15:03:52.0895 0x188c  ============================================================
15:03:53.0072 0x188c  C: <-> \Device\Harddisk0\DR0\Partition4
15:03:53.0119 0x188c  D: <-> \Device\Harddisk2\DR2\Partition1
15:03:53.0119 0x188c  ============================================================
15:03:53.0119 0x188c  Initialize success
15:03:53.0119 0x188c  ============================================================
15:04:20.0786 0x091c  ============================================================
15:04:20.0786 0x091c  Scan started
15:04:20.0786 0x091c  Mode: Manual; SigCheck; TDLFS; 
15:04:20.0786 0x091c  ============================================================
15:04:20.0786 0x091c  KSN ping started
15:04:23.0210 0x091c  KSN ping finished: true
15:04:24.0746 0x091c  ================ Scan system memory ========================
15:04:24.0746 0x091c  System memory - ok
15:04:24.0747 0x091c  ================ Scan services =============================
15:04:24.0924 0x091c  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
15:04:24.0971 0x091c  1394ohci - ok
15:04:25.0005 0x091c  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
15:04:25.0021 0x091c  3ware - ok
15:04:25.0069 0x091c  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:04:25.0095 0x091c  ACPI - ok
15:04:25.0116 0x091c  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
15:04:25.0128 0x091c  acpiex - ok
15:04:25.0151 0x091c  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
15:04:25.0164 0x091c  acpipagr - ok
15:04:25.0169 0x091c  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
15:04:25.0185 0x091c  AcpiPmi - ok
15:04:25.0189 0x091c  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
15:04:25.0203 0x091c  acpitime - ok
15:04:25.0435 0x091c  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:04:25.0455 0x091c  AdobeARMservice - ok
15:04:25.0501 0x091c  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
15:04:25.0534 0x091c  ADP80XX - ok
15:04:25.0578 0x091c  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:04:25.0597 0x091c  AeLookupSvc - ok
15:04:25.0748 0x091c  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\Windows\system32\drivers\afd.sys
15:04:25.0779 0x091c  AFD - ok
15:04:25.0883 0x091c  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:04:25.0894 0x091c  agp440 - ok
15:04:25.0934 0x091c  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
15:04:25.0996 0x091c  ahcache - ok
15:04:26.0023 0x091c  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\Windows\System32\alg.exe
15:04:26.0053 0x091c  ALG - ok
15:04:26.0122 0x091c  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
15:04:26.0150 0x091c  AmdK8 - ok
15:04:26.0175 0x091c  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
15:04:26.0200 0x091c  AmdPPM - ok
15:04:26.0228 0x091c  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:04:26.0240 0x091c  amdsata - ok
15:04:26.0275 0x091c  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:04:26.0296 0x091c  amdsbs - ok
15:04:26.0301 0x091c  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:04:26.0315 0x091c  amdxata - ok
15:04:26.0322 0x091c  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\Windows\system32\drivers\appid.sys
15:04:26.0345 0x091c  AppID - ok
15:04:26.0428 0x091c  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:04:26.0465 0x091c  AppIDSvc - ok
15:04:26.0512 0x091c  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo         C:\Windows\System32\appinfo.dll
15:04:26.0528 0x091c  Appinfo - ok
15:04:26.0550 0x091c  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:04:26.0558 0x091c  Apple Mobile Device - ok
15:04:26.0609 0x091c  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
15:04:26.0631 0x091c  AppReadiness - ok
15:04:26.0873 0x091c  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
15:04:26.0930 0x091c  AppXSvc - ok
15:04:26.0953 0x091c  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:04:26.0967 0x091c  arcsas - ok
15:04:27.0007 0x091c  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:04:27.0020 0x091c  atapi - ok
15:04:27.0275 0x091c  [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
15:04:27.0414 0x091c  athr - ok
15:04:27.0473 0x091c  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
15:04:27.0512 0x091c  AudioEndpointBuilder - ok
15:04:27.0562 0x091c  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:04:27.0611 0x091c  Audiosrv - ok
15:04:27.0658 0x091c  [ 4EB2E8EE8BA47B58E08B67139C31CB41, 196F759A2BC3E978C3FDB1E37E0D40D56D43CB0004D5333E787CD4727A46F06C ] Avgboota        C:\Windows\system32\DRIVERS\avgboota.sys
15:04:27.0672 0x091c  Avgboota - ok
15:04:27.0717 0x091c  [ 54FE1CAFA3B3029B282E6A05EA672031, E972B8A22322FF06903A1E3AB20585E02A21C3A6EA9A75C172231494A08D14D1 ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
15:04:27.0737 0x091c  Avgdiska - ok
15:04:28.0015 0x091c  [ 225B28E9303D375314C744AE181DF95F, 6BC8F19F6B4D901661022CD8F4EA90A8F1895B6B3BD1225B3708E2CBDCAB8D50 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
15:04:28.0149 0x091c  AVGIDSAgent - ok
15:04:28.0195 0x091c  [ A3124AC9C0AF30ABD000A7CB5779C101, 1719EE6986FC29EE4EA383B2DAF4CAF9C1E70A1F547F75F8D51EDA027D3E5236 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:04:28.0210 0x091c  AVGIDSDriver - ok
15:04:28.0224 0x091c  [ 68070AEEE757ACC6EC5BC291B1E8EA1A, 8A4902CE6F4696F33CD6CF98F96FDA7895B99A676916F3137CF34192AF3C25A4 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
15:04:28.0237 0x091c  AVGIDSHA - ok
15:04:28.0258 0x091c  [ 7C9E8FD2BFCE60BDF9B5944C0BE47C87, 0F51507BAECDEF7B6F553066621A03832FF070EC6837A8E304AABA1227F779BF ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
15:04:28.0274 0x091c  Avgldx64 - ok
15:04:28.0288 0x091c  [ 734DCC05A7F327FDCE43A18BA011FD4E, E5245314E60D86911A6A9FC1FE4A0C0D0284D972CE642C28B9B1A43D1553AFA5 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
15:04:28.0305 0x091c  Avgloga - ok
15:04:28.0322 0x091c  [ B4D589C734D796B5B76E0A0E5DA50397, CACAB2C0D01583CEB55C62334A4E9BB46A2E399BE9B7EDC988AEC785DF1FCC1C ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
15:04:28.0334 0x091c  Avgmfx64 - ok
15:04:28.0341 0x091c  [ 3CE824D46BA1871713ABF147E6BAD556, B4D8AFC388BE06D6E3C5CDC865F80FF101E731E1D2B221FFC6C1E28487E1B3CD ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
15:04:28.0352 0x091c  Avgrkx64 - ok
15:04:28.0443 0x091c  [ 68430AD3FB0FADBFA5D1677617D1E1F5, CF732DD21B472653AB0A4063455F2E7608F3075C255B9882D18CB52026B6C972 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
15:04:28.0452 0x091c  avgtp - ok
15:04:28.0502 0x091c  [ 2B38C7E964FA19A298D04CA177FF8B6F, B233B6AD03217AD72A8F4253FDCF182E6007B5D28178F38BDCACBC16BD69D0CB ] avgwd           C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
15:04:28.0521 0x091c  avgwd - ok
15:04:28.0626 0x091c  [ DFB6F6E34ACDB4F55AF6B2DCBFB3225E, 02EEBB109B951BD54DBE3D31B459AAFC0F9E751E4F202C8A0AC66474777B2B1F ] Avgwfpa         C:\Windows\system32\DRIVERS\avgwfpa.sys
15:04:28.0657 0x091c  Avgwfpa - ok
15:04:28.0676 0x091c  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:04:28.0696 0x091c  AxInstSV - ok
15:04:28.0762 0x091c  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:04:28.0794 0x091c  b06bdrv - ok
15:04:28.0813 0x091c  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
15:04:28.0836 0x091c  BasicDisplay - ok
15:04:28.0903 0x091c  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
15:04:28.0926 0x091c  BasicRender - ok
15:04:28.0957 0x091c  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
15:04:28.0966 0x091c  bcmfn2 - ok
15:04:29.0049 0x091c  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:04:29.0089 0x091c  BDESVC - ok
15:04:29.0109 0x091c  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
15:04:29.0124 0x091c  Beep - ok
15:04:29.0267 0x091c  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\Windows\System32\bfe.dll
15:04:29.0299 0x091c  BFE - ok
15:04:29.0546 0x091c  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\Windows\System32\qmgr.dll
15:04:29.0609 0x091c  BITS - ok
15:04:29.0856 0x091c  [ 4D87518BA68C308299441337C55F5427, AE46F847EE605213A3AE9BEFE5EB0B7B8D877340EA1A6CF9EF5683A02ECFE399 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
15:04:29.0927 0x091c  Bluetooth Device Monitor - ok
15:04:30.0079 0x091c  [ 19786E2114E2FCB4EAA30808E9D4FB9A, FCBD15EA7CB0B22DA9ABFACF95DE877042201C85EBC219F5204E12F76E8DBC09 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
15:04:30.0136 0x091c  Bluetooth OBEX Service - ok
15:04:30.0239 0x091c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:04:30.0264 0x091c  Bonjour Service - ok
15:04:30.0284 0x091c  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:04:30.0328 0x091c  bowser - ok
15:04:30.0386 0x091c  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
15:04:30.0428 0x091c  BrokerInfrastructure - ok
15:04:30.0504 0x091c  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\Windows\System32\browser.dll
15:04:30.0521 0x091c  Browser - ok
15:04:30.0580 0x091c  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
15:04:30.0593 0x091c  BthAvrcpTg - ok
15:04:30.0709 0x091c  [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
15:04:30.0748 0x091c  BthEnum - ok
15:04:30.0803 0x091c  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
15:04:30.0825 0x091c  BthHFEnum - ok
15:04:30.0831 0x091c  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
15:04:30.0845 0x091c  bthhfhid - ok
15:04:30.0967 0x091c  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\Windows\System32\drivers\BthLEEnum.sys
15:04:30.0991 0x091c  BthLEEnum - ok
15:04:31.0019 0x091c  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
15:04:31.0033 0x091c  BTHMODEM - ok
15:04:31.0155 0x091c  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\Windows\System32\drivers\bthpan.sys
15:04:31.0175 0x091c  BthPan - ok
15:04:31.0298 0x091c  [ 97B9076611291AE4C4C107BC915BD026, 0A77873AAF1ADB76CAB98A84D2242781E34E2699632E45EB92ED7DB20B2BE0C1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:04:31.0348 0x091c  BTHPORT - ok
15:04:31.0375 0x091c  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\Windows\system32\bthserv.dll
15:04:31.0391 0x091c  bthserv - ok
15:04:31.0589 0x091c  [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:04:31.0621 0x091c  BTHUSB - ok
15:04:31.0652 0x091c  [ 4428C299BE7B9841ECFA82044B69FA6A, F8AB607D6CACBF2DDE3C392F9756B9F32CB99664A75F3140365CB916450660EC ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
15:04:31.0672 0x091c  btmaux - ok
15:04:31.0761 0x091c  [ 7B31A8A9DC95B3634D896FD0F2814F19, 8FD5FBC61968F4BB8C2BAD0D432D5B86DCFED38CCF6F559F9EFB71AADD25474F ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
15:04:31.0810 0x091c  btmhsf - ok
15:04:31.0826 0x091c  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:04:31.0843 0x091c  cdfs - ok
15:04:31.0896 0x091c  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
15:04:31.0913 0x091c  cdrom - ok
15:04:31.0947 0x091c  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:04:31.0967 0x091c  CertPropSvc - ok
15:04:31.0996 0x091c  [ 27468DB367ABCFE855796775DB949AC1, F2DFC8CFBFCDC94798A5ADAAC96001927F9CE316751D42651C3AF1E52F1DC7EF ] cfwids          C:\Windows\system32\drivers\cfwids.sys
15:04:32.0008 0x091c  cfwids - ok
15:04:32.0052 0x091c  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
15:04:32.0085 0x091c  circlass - ok
15:04:32.0139 0x091c  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
15:04:32.0170 0x091c  CLFS - ok
15:04:32.0218 0x091c  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
15:04:32.0271 0x091c  CmBatt - ok
15:04:32.0365 0x091c  [ 4E1207CE16E615B0B7A70DC889F4500E, 1778D5AC0AF5F5DD1551192F4CDBCCB9878995155CF337EBB03460A6FD5C6B78 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:04:32.0397 0x091c  CNG - ok
15:04:32.0418 0x091c  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
15:04:32.0431 0x091c  CompositeBus - ok
15:04:32.0435 0x091c  COMSysApp - ok
15:04:32.0445 0x091c  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
15:04:32.0471 0x091c  condrv - ok
15:04:32.0761 0x091c  [ 585B94ED9EBE1FA9A30734BB2129C612, 6D2F31DB3902D5E7DA55B190D8D7EEDC85CFEF5C7A86020942E91358283ACC70 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:04:32.0798 0x091c  cphs - ok
15:04:32.0923 0x091c  cpuz136 - ok
15:04:33.0009 0x091c  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:04:33.0044 0x091c  CryptSvc - ok
15:04:33.0130 0x091c  [ 5D83CD2CC1C37F36F44F61793587489B, 4DE2A4CB415B842E60288E7938E28B5FA631767A885EE38707512CA6E04F2D9A ] DACoreService   C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
15:04:33.0148 0x091c  DACoreService - ok
15:04:33.0176 0x091c  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\Windows\system32\drivers\dam.sys
15:04:33.0195 0x091c  dam - ok
15:04:33.0331 0x091c  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:04:33.0364 0x091c  DcomLaunch - ok
15:04:33.0469 0x091c  [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:04:33.0498 0x091c  defragsvc - ok
15:04:33.0622 0x091c  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\Windows\system32\das.dll
15:04:33.0645 0x091c  DeviceAssociationService - ok
15:04:33.0720 0x091c  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
15:04:33.0760 0x091c  DeviceInstall - ok
15:04:33.0784 0x091c  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
15:04:33.0811 0x091c  Dfsc - ok
15:04:33.0933 0x091c  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:04:33.0971 0x091c  Dhcp - ok
15:04:34.0006 0x091c  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
15:04:34.0029 0x091c  disk - ok
15:04:34.0066 0x091c  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
15:04:34.0080 0x091c  dmvsc - ok
15:04:34.0135 0x091c  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:04:34.0155 0x091c  Dnscache - ok
15:04:34.0206 0x091c  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\Windows\System32\dot3svc.dll
15:04:34.0228 0x091c  dot3svc - ok
15:04:34.0255 0x091c  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\Windows\system32\dps.dll
15:04:34.0280 0x091c  DPS - ok
15:04:34.0390 0x091c  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:04:34.0420 0x091c  drmkaud - ok
15:04:34.0480 0x091c  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
15:04:34.0518 0x091c  DsmSvc - ok
15:04:34.0654 0x091c  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:04:34.0711 0x091c  DXGKrnl - ok
15:04:34.0735 0x091c  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\Windows\System32\eapsvc.dll
15:04:34.0752 0x091c  Eaphost - ok
15:04:34.0982 0x091c  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:04:35.0091 0x091c  ebdrv - ok
15:04:35.0133 0x091c  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\Windows\System32\lsass.exe
15:04:35.0150 0x091c  EFS - ok
15:04:35.0185 0x091c  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
15:04:35.0204 0x091c  EhStorClass - ok
15:04:35.0248 0x091c  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
15:04:35.0265 0x091c  EhStorTcgDrv - ok
15:04:35.0352 0x091c  [ B5B5FC68BFB3F01267E54B236660E610, 103F90343B207AFB9151CDA71E70884FEB56E8596754D2AB8B3F46C045642F10 ] ePowerSvc       C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
15:04:35.0380 0x091c  ePowerSvc - ok
15:04:35.0412 0x091c  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
15:04:35.0423 0x091c  ErrDev - ok
15:04:35.0474 0x091c  [ 55DAD1890FAB504F546952BE83E1A3C7, B5A71033F113404125C4EEF4FF2CF8274AB7FB878B2F2F9E8168093CFDDDA6FA ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
15:04:35.0491 0x091c  ETD - ok
15:04:35.0532 0x091c  [ BBBC59715AA9EFD1BAE7B048AACC0B24, ABB9061C62545D5408E114EA3CF79EC7EEC2A1FB8A385E931F3FB02E73EA9571 ] ETDService      C:\Program Files\Elantech\ETDService.exe
15:04:35.0543 0x091c  ETDService - ok
15:04:35.0590 0x091c  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\Windows\system32\es.dll
15:04:35.0615 0x091c  EventSystem - ok
15:04:35.0941 0x091c  [ 55588867D59BADA2F62E58618CE32B03, F7FAF420103272151194A475D6C8EF4449AFCED787AA3DF7C461370D828E522F ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:04:35.0975 0x091c  EvtEng - ok
15:04:36.0006 0x091c  [ 026E1BEC0A831AC29A333A8864F875F3, 7967D4CF59200E615AF5A476819AC922E30407C0A34C5D8C331137A9B91EC619 ] excfs           C:\Windows\system32\DRIVERS\excfs.sys
15:04:36.0018 0x091c  excfs - ok
15:04:36.0070 0x091c  [ 9F8173925D64DAF001562334AF9585C8, A82B9B5368EBFC2AB54BEAF3CA0AC737A1A0488CEC25822C09582829B6143E0B ] excsd           C:\Windows\system32\DRIVERS\excsd.sys
15:04:36.0080 0x091c  excsd - ok
15:04:36.0120 0x091c  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:04:36.0143 0x091c  exfat - ok
15:04:36.0176 0x091c  [ 35DE76AB7BD1BCE6C9F0218AFEF77A0D, BEC531B9D7985C0B1900458E8F1F107FD8105D4EA0C6EE0CB94158474337E282 ] ExpressCache    C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
15:04:36.0188 0x091c  ExpressCache - ok
15:04:36.0199 0x091c  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:04:36.0219 0x091c  fastfat - ok
15:04:36.0279 0x091c  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\Windows\system32\fxssvc.exe
15:04:36.0342 0x091c  Fax - ok
15:04:36.0406 0x091c  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\Windows\System32\drivers\fdc.sys
15:04:36.0430 0x091c  fdc - ok
15:04:36.0450 0x091c  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\Windows\system32\fdPHost.dll
15:04:36.0487 0x091c  fdPHost - ok
15:04:36.0512 0x091c  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\Windows\system32\fdrespub.dll
15:04:36.0530 0x091c  FDResPub - ok
15:04:36.0579 0x091c  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\Windows\system32\fhsvc.dll
15:04:36.0594 0x091c  fhsvc - ok
15:04:36.0642 0x091c  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:04:36.0653 0x091c  FileInfo - ok
15:04:36.0682 0x091c  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:04:36.0699 0x091c  Filetrace - ok
15:04:36.0740 0x091c  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
15:04:36.0779 0x091c  flpydisk - ok
15:04:36.0849 0x091c  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:04:36.0880 0x091c  FltMgr - ok
15:04:36.0993 0x091c  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache       C:\Windows\system32\FntCache.dll
15:04:37.0106 0x091c  FontCache - ok
15:04:37.0401 0x091c  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:04:37.0436 0x091c  FontCache3.0.0.0 - ok
15:04:37.0472 0x091c  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:04:37.0485 0x091c  FsDepends - ok
15:04:37.0511 0x091c  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:04:37.0521 0x091c  Fs_Rec - ok
15:04:37.0565 0x091c  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:04:37.0595 0x091c  fvevol - ok
15:04:37.0631 0x091c  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
15:04:37.0643 0x091c  FxPPM - ok
15:04:37.0649 0x091c  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:04:37.0660 0x091c  gagp30kx - ok
15:04:37.0699 0x091c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:04:37.0711 0x091c  GEARAspiWDM - ok
15:04:37.0740 0x091c  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
15:04:37.0752 0x091c  gencounter - ok
15:04:37.0794 0x091c  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
15:04:37.0810 0x091c  GPIOClx0101 - ok
15:04:37.0874 0x091c  [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:04:37.0956 0x091c  gpsvc - ok
15:04:38.0096 0x091c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:38.0110 0x091c  gupdate - ok
15:04:38.0122 0x091c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:04:38.0130 0x091c  gupdatem - ok
15:04:38.0365 0x091c  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:04:38.0442 0x091c  HdAudAddService - ok
15:04:38.0500 0x091c  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
15:04:38.0527 0x091c  HDAudBus - ok
15:04:38.0548 0x091c  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
15:04:38.0560 0x091c  HidBatt - ok
15:04:38.0589 0x091c  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
15:04:38.0603 0x091c  HidBth - ok
15:04:38.0608 0x091c  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
15:04:38.0621 0x091c  hidi2c - ok
15:04:38.0627 0x091c  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
15:04:38.0640 0x091c  HidIr - ok
15:04:38.0734 0x091c  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\Windows\system32\hidserv.dll
15:04:38.0747 0x091c  hidserv - ok
15:04:38.0838 0x091c  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
15:04:38.0901 0x091c  HidUsb - ok
15:04:38.0973 0x091c  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:04:38.0992 0x091c  hkmsvc - ok
15:04:39.0046 0x091c  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:04:39.0066 0x091c  HomeGroupListener - ok
15:04:39.0136 0x091c  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:04:39.0160 0x091c  HomeGroupProvider - ok
15:04:39.0198 0x091c  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:04:39.0211 0x091c  HpSAMD - ok
15:04:39.0314 0x091c  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:04:39.0361 0x091c  HTTP - ok
15:04:39.0380 0x091c  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:04:39.0390 0x091c  hwpolicy - ok
15:04:39.0438 0x091c  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
15:04:39.0451 0x091c  hyperkbd - ok
15:04:39.0456 0x091c  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
15:04:39.0470 0x091c  HyperVideo - ok
15:04:39.0479 0x091c  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
15:04:39.0495 0x091c  i8042prt - ok
15:04:39.0501 0x091c  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
15:04:39.0515 0x091c  iaLPSSi_GPIO - ok
15:04:39.0536 0x091c  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
15:04:39.0552 0x091c  iaLPSSi_I2C - ok
15:04:39.0669 0x091c  [ 60F6526DB3297C7324957EF3143F88FF, F0D4AF7E66CD42793C5137B4F5E66AFCE13253C3FF8D397921EA23CD04D49763 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
15:04:39.0697 0x091c  iaStorA - ok
15:04:39.0733 0x091c  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
15:04:39.0764 0x091c  iaStorAV - ok
15:04:39.0828 0x091c  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:04:39.0854 0x091c  iaStorV - ok
15:04:39.0905 0x091c  [ CAAC69A001E1A5878D2F050F57F93DA4, 0A4263501F2C1C9E4B3764A2EF27607DF07810A10A2F23F3E389EA3E1E1ACA8A ] ibtusb          C:\Windows\system32\DRIVERS\ibtusb.sys
15:04:39.0923 0x091c  ibtusb - ok
15:04:39.0933 0x091c  IEEtwCollectorService - ok
15:04:40.0172 0x091c  [ 7A5A61997B5404C8EDDFCC62378164DC, C2BCA8A2AA2DFCCF3489FC7F0F366ABBDC8606CFC6397CD7B17C8CD4A28DD17F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:04:40.0354 0x091c  igfx - ok
15:04:40.0489 0x091c  [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:04:40.0537 0x091c  IKEEXT - ok
15:04:40.0578 0x091c  [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
15:04:40.0591 0x091c  intaud_WaveExtensible - ok
15:04:40.0824 0x091c  [ E39307AB89491751020D5FBD9E080926, A78A0ECF3DA005A76B0895FA0EEE3EC66AA9518307E1FFC59162D2E5308189E2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:04:40.0941 0x091c  IntcAzAudAddService - ok
15:04:41.0038 0x091c  [ D6A22510D795928E8840619900D672B4, 296F232B0A6D42840A745E4706D2815F6D2E4279DBD90112CBFBFF8833B724AF ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:04:41.0063 0x091c  IntcDAud - ok
15:04:41.0155 0x091c  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:04:41.0201 0x091c  Intel® Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
15:04:43.0881 0x091c  Detect skipped due to KSN trusted
15:04:43.0881 0x091c  Intel® Capability Licensing Service Interface - ok
15:04:43.0987 0x091c  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
15:04:44.0099 0x091c  Intel® Capability Licensing Service TCP IP Interface - ok
15:04:44.0184 0x091c  [ 441D5FAF24CC2EC115B654A55C52F0AF, 5BF5299DAD9A7076C43D68C70E02AEC8DBFD89C1AFDF7CD6AB95550EE25EEB36 ] Intel® Wireless Bluetooth® 4.0 Radio Management C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
15:04:44.0201 0x091c  Intel® Wireless Bluetooth® 4.0 Radio Management - ok
15:04:44.0220 0x091c  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:04:44.0237 0x091c  intelide - ok
15:04:44.0267 0x091c  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
15:04:44.0282 0x091c  intelpep - ok
15:04:44.0323 0x091c  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
15:04:44.0347 0x091c  intelppm - ok
15:04:44.0367 0x091c  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:04:44.0392 0x091c  IpFilterDriver - ok
15:04:44.0533 0x091c  [ ACFEE9487693C2BD573DFCA71D98E17C, A347FD476147CD3568EEE6993B46AFC05A66A4269094CA51572D0FD013FCB535 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:04:44.0603 0x091c  iphlpsvc - ok
15:04:44.0642 0x091c  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
15:04:44.0657 0x091c  IPMIDRV - ok
15:04:44.0708 0x091c  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:04:44.0726 0x091c  IPNAT - ok
15:04:44.0792 0x091c  [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:04:44.0831 0x091c  iPod Service - ok
15:04:44.0879 0x091c  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:04:44.0892 0x091c  IRENUM - ok
15:04:44.0945 0x091c  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:04:44.0955 0x091c  isapnp - ok
15:04:45.0044 0x091c  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
15:04:45.0063 0x091c  iScsiPrt - ok
15:04:45.0090 0x091c  [ 1ECC1A421B0AEBF9A6934451FBFD7848, 1A8DDEC42831C12760CF27FA02EDD06D5CCE25A606E2DECB7D8487B5961B11AC ] ISCT            C:\Windows\System32\drivers\ISCTD64.sys
15:04:45.0099 0x091c  ISCT - ok
15:04:45.0122 0x091c  [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus          C:\Windows\System32\drivers\iwdbus.sys
15:04:45.0130 0x091c  iwdbus - ok
15:04:45.0257 0x091c  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
15:04:45.0270 0x091c  jhi_service - ok
15:04:45.0330 0x091c  [ 45369E037410609D769852A1CE46A184, 752BE7BB167E602CD89D52E3A4382AF7C75033306E31884EC55872EF7A0A3EE2 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
15:04:45.0369 0x091c  k57nd60a - ok
15:04:45.0389 0x091c  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
15:04:45.0411 0x091c  kbdclass - ok
15:04:45.0439 0x091c  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
15:04:45.0457 0x091c  kbdhid - ok
15:04:45.0482 0x091c  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
15:04:45.0499 0x091c  kdnic - ok
15:04:45.0529 0x091c  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\Windows\system32\lsass.exe
15:04:45.0550 0x091c  KeyIso - ok
15:04:45.0577 0x091c  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:04:45.0595 0x091c  KSecDD - ok
15:04:45.0645 0x091c  [ 6D2EE96150E35B9EA49F2B481DE0369A, AC5915219FD81D89E444F6E86D71F7C495108FC35E7BD683321FC7006161AFE1 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:04:45.0661 0x091c  KSecPkg - ok
15:04:45.0683 0x091c  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:04:45.0696 0x091c  ksthunk - ok
15:04:45.0765 0x091c  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:04:45.0794 0x091c  KtmRm - ok
15:04:45.0855 0x091c  [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:04:45.0883 0x091c  LanmanServer - ok
15:04:45.0920 0x091c  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:04:45.0941 0x091c  LanmanWorkstation - ok
15:04:46.0099 0x091c  [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
15:04:46.0142 0x091c  lfsvc - ok
15:04:46.0184 0x091c  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:04:46.0198 0x091c  lltdio - ok
15:04:46.0249 0x091c  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:04:46.0270 0x091c  lltdsvc - ok
15:04:46.0324 0x091c  [ 4ACC60B4CBC911F3F34A1D66213BBBF5, C09A87ACAE0D41FD425BAF076FFE9B601DB89BB66199E5BD72FC59C6A8E449DB ] LMDriver        C:\Windows\System32\drivers\LMDriver.sys
15:04:46.0331 0x091c  LMDriver - ok
15:04:46.0343 0x091c  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:04:46.0356 0x091c  lmhosts - ok
15:04:46.0426 0x091c  [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:04:46.0453 0x091c  LMS - ok
15:04:46.0478 0x091c  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:04:46.0491 0x091c  LSI_SAS - ok
15:04:46.0548 0x091c  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:04:46.0562 0x091c  LSI_SAS2 - ok
15:04:46.0569 0x091c  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
15:04:46.0583 0x091c  LSI_SAS3 - ok
15:04:46.0590 0x091c  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
15:04:46.0603 0x091c  LSI_SSS - ok
15:04:46.0661 0x091c  [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM             C:\Windows\System32\lsm.dll
15:04:46.0707 0x091c  LSM - ok
15:04:46.0755 0x091c  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:04:46.0770 0x091c  luafv - ok
15:04:46.0801 0x091c  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
15:04:46.0814 0x091c  MBAMSwissArmy - ok
15:04:46.0851 0x091c  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
15:04:46.0867 0x091c  megasas - ok
15:04:46.0941 0x091c  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
15:04:47.0003 0x091c  megasr - ok
15:04:47.0038 0x091c  [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
15:04:47.0059 0x091c  MEIx64 - ok
15:04:47.0132 0x091c  [ D0574EF9490EBD32DFA14D3C16195DE2, 7F5623562E74BD09717103247CE9155F07092BC633B5647ED3C99A95283413B4 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
15:04:47.0151 0x091c  mfeapfk - ok
15:04:47.0177 0x091c  [ 7B6A4509A2444F5F0689B2579E245177, 95A3A3560E253B7459F1B7C9E4E21008C725BA1A2C5F4E5FBAD1AB383058E2F6 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
15:04:47.0200 0x091c  mfeavfk - ok
15:04:47.0218 0x091c  [ DD19F44DE0F742B2E89FB6489A2F7197, B6BF5236181492B9996471469E18C3A11ECD6224BE740BA312771E1A7D4AD6BD ] mfeelamk        C:\Windows\system32\drivers\mfeelamk.sys
15:04:47.0232 0x091c  mfeelamk - ok
15:04:47.0267 0x091c  [ E7C6587AC8FB0BABEF6AB1733AFA8FEC, 1624B8D9C9431A2030B8C8CFAA90F56A9EE4039D2426A521C4102A68D2F8E3CD ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:04:47.0281 0x091c  mfefire - ok
15:04:47.0400 0x091c  [ 92AD9892D534CA58E020375C94E0307E, 3062625853C759852C5172040C69840315676A01A62EECFC53F55E6379DB190C ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
15:04:47.0423 0x091c  mfefirek - ok
15:04:47.0574 0x091c  [ B6622A5B197D021647AE20E0D4C229B9, 15D64928FDB207C183A69E7CFB90BFFBF25F1AB14059EDEFDF021F323025F4E8 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
15:04:47.0673 0x091c  mfehidk - ok
15:04:47.0718 0x091c  [ 64BAFB4E5377056CDD71531097D69F6E, 28B434C1DB9AD930C5A32584C51FE1B3A4526952EBC953DAE775701E270C76C5 ] mfevtp          C:\Windows\system32\mfevtps.exe
15:04:47.0730 0x091c  mfevtp - ok
15:04:47.0768 0x091c  [ A58F979117A424CDB33C21396887800F, E857E74BB08E49AEDC7EE21C9FDA36053113E04F8D29B9DBC3A2A3F0667915C6 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
15:04:47.0787 0x091c  mfewfpk - ok
15:04:47.0827 0x091c  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\Windows\system32\mmcss.dll
15:04:47.0842 0x091c  MMCSS - ok
15:04:47.0863 0x091c  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
15:04:47.0877 0x091c  Modem - ok
15:04:47.0893 0x091c  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
15:04:47.0926 0x091c  monitor - ok
15:04:47.0956 0x091c  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
15:04:47.0990 0x091c  mouclass - ok
15:04:48.0036 0x091c  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\Windows\System32\drivers\mouhid.sys
15:04:48.0058 0x091c  mouhid - ok
15:04:48.0086 0x091c  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:04:48.0099 0x091c  mountmgr - ok
15:04:48.0160 0x091c  [ A5F6ADC56FA516594E99C328A7E7FD54, 6FB011B00B8AB085F3083E967B89BBFCA1AC7677407E9E72AD582CCC8212D136 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:04:48.0173 0x091c  MozillaMaintenance - ok
15:04:48.0239 0x091c  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:04:48.0255 0x091c  mpsdrv - ok
15:04:48.0318 0x091c  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:04:48.0355 0x091c  MpsSvc - ok
15:04:48.0423 0x091c  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:04:48.0479 0x091c  MRxDAV - ok
15:04:48.0550 0x091c  [ 7A1A3F213CDB3363D179D5014272025D, 6756F5B7D9FBF6839DB1FF4E94EA45B5499D7DF925E75581C96FBBA4BE131542 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:04:48.0586 0x091c  mrxsmb - ok
15:04:48.0656 0x091c  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:04:48.0690 0x091c  mrxsmb10 - ok
15:04:48.0739 0x091c  [ C910E5D18958914A66F0E45689D0B40A, AD7C91DD8A60A511E580DD56BACC97F85075A539E7C5D95040A8F870A621DAF4 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:04:48.0757 0x091c  mrxsmb20 - ok
15:04:48.0789 0x091c  [ E0927EFA25D473367C3341B9F5969779, B77A162BD3334557623674373D8EC2BE7CC0B359DF06304E467ABFFEE0530271 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
15:04:48.0807 0x091c  MsBridge - ok
15:04:48.0864 0x091c  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\Windows\System32\msdtc.exe
15:04:48.0895 0x091c  MSDTC - ok
15:04:48.0940 0x091c  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:04:48.0962 0x091c  Msfs - ok
15:04:48.0977 0x091c  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
15:04:48.0992 0x091c  msgpiowin32 - ok
15:04:49.0008 0x091c  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:04:49.0021 0x091c  mshidkmdf - ok
15:04:49.0042 0x091c  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
15:04:49.0053 0x091c  mshidumdf - ok
15:04:49.0118 0x091c  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:04:49.0148 0x091c  msisadrv - ok
15:04:49.0186 0x091c  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:04:49.0204 0x091c  MSiSCSI - ok
15:04:49.0211 0x091c  msiserver - ok
15:04:49.0234 0x091c  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:04:49.0248 0x091c  MSKSSRV - ok
15:04:49.0350 0x091c  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
15:04:49.0390 0x091c  MsLldp - ok
15:04:49.0423 0x091c  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:04:49.0436 0x091c  MSPCLOCK - ok
15:04:49.0440 0x091c  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:04:49.0452 0x091c  MSPQM - ok
15:04:49.0490 0x091c  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:04:49.0513 0x091c  MsRPC - ok
15:04:49.0572 0x091c  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
15:04:49.0591 0x091c  mssmbios - ok
15:04:49.0606 0x091c  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:04:49.0661 0x091c  MSTEE - ok
15:04:49.0666 0x091c  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
15:04:49.0678 0x091c  MTConfig - ok
15:04:49.0692 0x091c  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\Windows\system32\Drivers\mup.sys
15:04:49.0706 0x091c  Mup - ok
15:04:49.0722 0x091c  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
15:04:49.0733 0x091c  mvumis - ok
15:04:49.0761 0x091c  [ FCDCFEDAF3C1D61DE11FA0DE9453699C, 4E79F1040E62B0DEE00F3035DBFE5241A459FE4C1A46337FF13A25FF8C5A64A5 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:04:49.0779 0x091c  MyWiFiDHCPDNS - ok
15:04:49.0808 0x091c  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\Windows\system32\qagentRT.dll
15:04:49.0833 0x091c  napagent - ok
15:04:49.0886 0x091c  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:04:49.0911 0x091c  NativeWifiP - ok
15:04:50.0038 0x091c  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
15:04:50.0080 0x091c  NAUpdate - ok
15:04:50.0157 0x091c  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\Windows\System32\ncasvc.dll
15:04:50.0194 0x091c  NcaSvc - ok
15:04:50.0227 0x091c  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\Windows\System32\ncbservice.dll
15:04:50.0245 0x091c  NcbService - ok
15:04:50.0250 0x091c  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
15:04:50.0283 0x091c  NcdAutoSetup - ok
15:04:50.0344 0x091c  [ E4B4BE2D7750849C07589DA0B0AABA01, BB5AA727BA018A94B5DE2C4E0B594DD2E7A2B3457885446EE568F3A1E18AB3B0 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:04:50.0386 0x091c  NDIS - ok
15:04:50.0437 0x091c  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:04:50.0451 0x091c  NdisCap - ok
15:04:50.0512 0x091c  [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
15:04:50.0526 0x091c  NdisImPlatform - ok
15:04:50.0550 0x091c  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:04:50.0573 0x091c  NdisTapi - ok
15:04:50.0598 0x091c  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:04:50.0610 0x091c  Ndisuio - ok
15:04:50.0626 0x091c  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
15:04:50.0640 0x091c  NdisVirtualBus - ok
15:04:50.0653 0x091c  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:04:50.0672 0x091c  NdisWan - ok
15:04:50.0697 0x091c  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
15:04:50.0718 0x091c  NdisWanLegacy - ok
15:04:50.0733 0x091c  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:04:50.0748 0x091c  NDProxy - ok
15:04:50.0764 0x091c  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
15:04:50.0782 0x091c  Ndu - ok
15:04:50.0809 0x091c  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:04:50.0824 0x091c  NetBIOS - ok
15:04:50.0872 0x091c  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:04:50.0899 0x091c  NetBT - ok
15:04:50.0944 0x091c  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\Windows\system32\lsass.exe
15:04:50.0972 0x091c  Netlogon - ok
15:04:51.0066 0x091c  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\Windows\System32\netman.dll
15:04:51.0116 0x091c  Netman - ok
15:04:51.0137 0x091c  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\Windows\System32\netprofmsvc.dll
15:04:51.0166 0x091c  netprofm - ok
15:04:51.0212 0x091c  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:04:51.0228 0x091c  NetTcpPortSharing - ok
15:04:51.0252 0x091c  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\Windows\system32\DRIVERS\netvsc63.sys
15:04:51.0267 0x091c  netvsc - ok
15:04:51.0386 0x091c  [ B6EDB4D2BA55CA06FF679FA4B885B1F4, 3A5E509B52216DEFBEDE2CA35C77A2AB8114E41D702765F6712DD8D24B394826 ] NETwNb64        C:\Windows\system32\DRIVERS\NETwbw02.sys
15:04:51.0484 0x091c  NETwNb64 - ok
15:04:51.0802 0x091c  [ B636B4A8E59A73033B766EA7FD7C3B81, CAC8614DEE83623DE56C969C668A33366793779084B6A23F59ADC98392115F8C ] NETwNe64        C:\Windows\system32\DRIVERS\NETwew02.sys
15:04:51.0949 0x091c  NETwNe64 - ok
15:04:51.0997 0x091c  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:04:52.0021 0x091c  NlaSvc - ok
15:04:52.0048 0x091c  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:04:52.0061 0x091c  Npfs - ok
15:04:52.0070 0x091c  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
15:04:52.0083 0x091c  npsvctrig - ok
15:04:52.0158 0x091c  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\Windows\system32\nsisvc.dll
15:04:52.0172 0x091c  nsi - ok
15:04:52.0212 0x091c  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:04:52.0224 0x091c  nsiproxy - ok
15:04:52.0562 0x091c  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:04:52.0634 0x091c  Ntfs - ok
15:04:52.0675 0x091c  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
15:04:52.0688 0x091c  Null - ok
15:04:52.0705 0x091c  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:04:52.0719 0x091c  nvraid - ok
15:04:52.0740 0x091c  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:04:52.0760 0x091c  nvstor - ok
15:04:52.0782 0x091c  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:04:52.0794 0x091c  nv_agp - ok
15:04:52.0886 0x091c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:04:52.0900 0x091c  ose - ok
15:04:53.0347 0x091c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:04:53.0470 0x091c  osppsvc - ok
15:04:53.0546 0x091c  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:04:53.0591 0x091c  p2pimsvc - ok
15:04:53.0731 0x091c  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:04:53.0769 0x091c  p2psvc - ok
15:04:53.0835 0x091c  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\Windows\System32\drivers\parport.sys
15:04:53.0856 0x091c  Parport - ok
15:04:53.0875 0x091c  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:04:53.0886 0x091c  partmgr - ok
15:04:53.0935 0x091c  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:04:53.0961 0x091c  PcaSvc - ok
15:04:54.0041 0x091c  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\Windows\system32\drivers\pci.sys
15:04:54.0071 0x091c  pci - ok
15:04:54.0113 0x091c  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:04:54.0123 0x091c  pciide - ok
15:04:54.0152 0x091c  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:04:54.0166 0x091c  pcmcia - ok
15:04:54.0198 0x091c  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:04:54.0211 0x091c  pcw - ok
15:04:54.0257 0x091c  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\Windows\system32\drivers\pdc.sys
15:04:54.0285 0x091c  pdc - ok
15:04:54.0396 0x091c  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:04:54.0449 0x091c  PEAUTH - ok
15:04:54.0613 0x091c  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:04:54.0639 0x091c  PerfHost - ok
15:04:54.0719 0x091c  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\Windows\system32\pla.dll
15:04:54.0771 0x091c  pla - ok
15:04:54.0818 0x091c  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:04:54.0833 0x091c  PlugPlay - ok
15:04:54.0861 0x091c  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:04:54.0875 0x091c  PNRPAutoReg - ok
15:04:54.0942 0x091c  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:04:54.0963 0x091c  PNRPsvc - ok
15:04:55.0008 0x091c  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:04:55.0032 0x091c  PolicyAgent - ok
15:04:55.0081 0x091c  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\Windows\system32\umpo.dll
15:04:55.0097 0x091c  Power - ok
15:04:55.0229 0x091c  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
15:04:55.0331 0x091c  PrintNotify - ok
15:04:55.0404 0x091c  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\Windows\System32\drivers\processr.sys
15:04:55.0419 0x091c  Processor - ok
15:04:55.0481 0x091c  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:04:55.0499 0x091c  ProfSvc - ok
15:04:55.0525 0x091c  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:04:55.0541 0x091c  Psched - ok
15:04:55.0583 0x091c  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\Windows\system32\qwave.dll
15:04:55.0606 0x091c  QWAVE - ok
15:04:55.0623 0x091c  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:04:55.0639 0x091c  QWAVEdrv - ok
15:04:55.0679 0x091c  [ 6A52182919E25FB56D253D389F92CE98, AE6497D5CF324CB813248ADECB0F53E5CB3D6C326774E2257319E4CE7782C591 ] RadioShim       C:\Windows\System32\drivers\RadioShim.sys
15:04:55.0687 0x091c  RadioShim - ok
15:04:55.0701 0x091c  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:04:55.0720 0x091c  RasAcd - ok
15:04:55.0761 0x091c  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\Windows\System32\rasauto.dll
15:04:55.0779 0x091c  RasAuto - ok
15:04:55.0913 0x091c  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\Windows\System32\rasmans.dll
15:04:55.0965 0x091c  RasMan - ok
15:04:56.0005 0x091c  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:56.0022 0x091c  RasPppoe - ok
15:04:56.0086 0x091c  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:04:56.0110 0x091c  rdbss - ok
15:04:56.0138 0x091c  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
15:04:56.0150 0x091c  rdpbus - ok
15:04:56.0182 0x091c  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:04:56.0196 0x091c  RDPDR - ok
15:04:56.0234 0x091c  [ 9F08A6608F98B5407E7DDBCF306573EF, 92812F97CFDB2EC128BC48143DE215B7D012B15D3FB4D2199222AD8C31DA5016 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:04:56.0245 0x091c  RdpVideoMiniport - ok
15:04:56.0308 0x091c  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:04:56.0325 0x091c  rdyboost - ok
15:04:56.0439 0x091c  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
15:04:56.0502 0x091c  ReFS - ok
15:04:56.0620 0x091c  [ 5B1F724CBCA8E08DC9D4C158C9BC1C1C, D5B170CF4B5420213130E151AFBBD9B84C5F7E710F5F67066E07095DEC1BD4B9 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:04:56.0630 0x091c  RegSrvc - ok
15:04:56.0681 0x091c  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:04:56.0699 0x091c  RemoteAccess - ok
15:04:56.0729 0x091c  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:04:56.0763 0x091c  RemoteRegistry - ok
15:04:56.0819 0x091c  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
15:04:56.0836 0x091c  RFCOMM - ok
15:04:56.0903 0x091c  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:04:56.0922 0x091c  RpcEptMapper - ok
15:04:56.0943 0x091c  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\Windows\system32\locator.exe
15:04:56.0956 0x091c  RpcLocator - ok
15:04:57.0126 0x091c  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\Windows\system32\rpcss.dll
15:04:57.0175 0x091c  RpcSs - ok
15:04:57.0233 0x091c  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:04:57.0262 0x091c  rspndr - ok
15:04:57.0346 0x091c  [ 9F2A38C1170594CF493283CE0B987B70, 1CE15815DD54227C3C8ED4B2E4FA09EB3EB91D55379DC286AAC7A6001850CA98 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
15:04:57.0403 0x091c  RTL8168 - ok
15:04:57.0476 0x091c  [ 95C6FCB48AFEF9D8CCA17E7F2A022C75, 5D91E907A810E74EFEAC1288B18C09EEFDA55CEDDC60B7CE09953982FD43AA60 ] RTSPER          C:\Windows\system32\DRIVERS\RtsPer.sys
15:04:57.0514 0x091c  RTSPER - ok
15:04:57.0567 0x091c  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
15:04:57.0585 0x091c  s3cap - ok
15:04:57.0623 0x091c  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\Windows\system32\lsass.exe
15:04:57.0635 0x091c  SamSs - ok
15:04:57.0668 0x091c  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:04:57.0683 0x091c  sbp2port - ok
15:04:57.0725 0x091c  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:04:57.0758 0x091c  SCardSvr - ok
15:04:57.0775 0x091c  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
15:04:57.0798 0x091c  ScDeviceEnum - ok
15:04:57.0833 0x091c  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:04:57.0867 0x091c  scfilter - ok
15:04:57.0966 0x091c  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\Windows\system32\schedsvc.dll
15:04:58.0025 0x091c  Schedule - ok
15:04:58.0093 0x091c  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:04:58.0113 0x091c  SCPolicySvc - ok
15:04:58.0214 0x091c  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
15:04:58.0232 0x091c  sdbus - ok
15:04:58.0308 0x091c  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
15:04:58.0320 0x091c  sdstor - ok
15:04:58.0354 0x091c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:04:58.0366 0x091c  secdrv - ok
15:04:58.0417 0x091c  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\Windows\system32\seclogon.dll
15:04:58.0452 0x091c  seclogon - ok
15:04:58.0489 0x091c  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\Windows\System32\sens.dll
15:04:58.0510 0x091c  SENS - ok
15:04:58.0551 0x091c  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:04:58.0571 0x091c  SensrSvc - ok
15:04:58.0595 0x091c  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
15:04:58.0612 0x091c  SerCx - ok
15:04:58.0681 0x091c  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
15:04:58.0695 0x091c  SerCx2 - ok
15:04:58.0718 0x091c  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\Windows\System32\drivers\serenum.sys
15:04:58.0732 0x091c  Serenum - ok
15:04:58.0789 0x091c  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
15:04:58.0807 0x091c  Serial - ok
15:04:58.0813 0x091c  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
15:04:58.0825 0x091c  sermouse - ok
15:04:58.0872 0x091c  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:04:58.0894 0x091c  SessionEnv - ok
15:04:58.0937 0x091c  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
15:04:58.0950 0x091c  sfloppy - ok
15:04:59.0022 0x091c  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:04:59.0078 0x091c  SharedAccess - ok
15:04:59.0215 0x091c  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:04:59.0284 0x091c  ShellHWDetection - ok
15:04:59.0319 0x091c  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:04:59.0341 0x091c  SiSRaid2 - ok
15:04:59.0350 0x091c  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:04:59.0368 0x091c  SiSRaid4 - ok
15:04:59.0458 0x091c  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\Windows\System32\smphost.dll
15:04:59.0483 0x091c  smphost - ok
15:04:59.0509 0x091c  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:04:59.0527 0x091c  SNMPTRAP - ok
15:04:59.0571 0x091c  [ 742E9D059ABEC5B2C4D2AEDEE8B6D130, 59E66EED8E50858E3AF337C4CC2B87111571ADDBBF02937DB983A2B67F2B7B5F ] Soluto          C:\Windows\system32\Drivers\Soluto.sys
15:04:59.0582 0x091c  Soluto - ok
15:04:59.0637 0x091c  [ E99DC2DEB1B357C7670D36DEE4ABB8AE, 65A5E245343DDA50772F39DE213E393DFDD73ACD566AE4D8AFF12BAE5B38F520 ] SolutoLauncherService C:\Program Files\Soluto\SolutoLauncherService.exe
15:04:59.0651 0x091c  SolutoLauncherService - ok
15:04:59.0709 0x091c  [ 9EBB8E4F7FF206A8B8C06B904B399BB6, 905FA4D3BEFAD2509EFADB27F3F043CBA0A231C18640672D5E8DB05B2BCBFF53 ] SolutoService   C:\Program Files\Soluto\SolutoService.exe
15:04:59.0731 0x091c  SolutoService - ok
15:04:59.0797 0x091c  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\Windows\system32\drivers\spaceport.sys
15:04:59.0823 0x091c  spaceport - ok
15:04:59.0878 0x091c  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
15:04:59.0891 0x091c  SpbCx - ok
15:05:00.0035 0x091c  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\Windows\System32\spoolsv.exe
15:05:00.0069 0x091c  Spooler - ok
15:05:00.0583 0x091c  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
15:05:00.0782 0x091c  sppsvc - ok
15:05:00.0903 0x091c  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:05:00.0945 0x091c  srv - ok
15:05:01.0031 0x091c  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:05:01.0057 0x091c  srv2 - ok
15:05:01.0092 0x091c  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:05:01.0238 0x091c  srvnet - ok
15:05:01.0293 0x091c  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:05:01.0317 0x091c  SSDPSRV - ok
15:05:01.0371 0x091c  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:05:01.0417 0x091c  SstpSvc - ok
15:05:01.0476 0x091c  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:05:01.0489 0x091c  stexstor - ok
15:05:01.0642 0x091c  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\Windows\System32\wiaservc.dll
15:05:01.0683 0x091c  stisvc - ok
15:05:01.0713 0x091c  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
15:05:01.0726 0x091c  storahci - ok
15:05:01.0752 0x091c  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
15:05:01.0763 0x091c  storflt - ok
15:05:01.0817 0x091c  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
15:05:01.0828 0x091c  stornvme - ok
15:05:01.0865 0x091c  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\Windows\system32\storsvc.dll
15:05:01.0879 0x091c  StorSvc - ok
15:05:01.0927 0x091c  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:05:01.0939 0x091c  storvsc - ok
15:05:01.0958 0x091c  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\Windows\system32\svsvc.dll
15:05:01.0977 0x091c  svsvc - ok
15:05:01.0990 0x091c  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\Windows\System32\drivers\swenum.sys
15:05:02.0001 0x091c  swenum - ok
15:05:02.0242 0x091c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:05:02.0272 0x091c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
15:05:04.0913 0x091c  Detect skipped due to KSN trusted
15:05:04.0915 0x091c  SwitchBoard - ok
15:05:05.0090 0x091c  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\Windows\System32\swprv.dll
15:05:05.0150 0x091c  swprv - ok
15:05:05.0317 0x091c  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\Windows\system32\sysmain.dll
15:05:05.0364 0x091c  SysMain - ok
15:05:05.0427 0x091c  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
15:05:05.0446 0x091c  SystemEventsBroker - ok
15:05:05.0507 0x091c  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\Windows\System32\TabSvc.dll
15:05:05.0524 0x091c  TabletInputService - ok
15:05:05.0554 0x091c  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:05:05.0575 0x091c  TapiSrv - ok
15:05:05.0872 0x091c  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:05:05.0957 0x091c  Tcpip - ok
15:05:06.0049 0x091c  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:05:06.0132 0x091c  TCPIP6 - ok
15:05:06.0196 0x091c  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:05:06.0211 0x091c  tcpipreg - ok
15:05:06.0268 0x091c  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:05:06.0283 0x091c  tdx - ok
15:05:06.0323 0x091c  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
15:05:06.0336 0x091c  terminpt - ok
15:05:06.0471 0x091c  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\Windows\System32\termsrv.dll
15:05:06.0515 0x091c  TermService - ok
15:05:06.0546 0x091c  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\Windows\system32\themeservice.dll
15:05:06.0573 0x091c  Themes - ok
15:05:06.0600 0x091c  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\Windows\system32\mmcss.dll
15:05:06.0619 0x091c  THREADORDER - ok
15:05:06.0643 0x091c  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
15:05:06.0669 0x091c  TimeBroker - ok
15:05:06.0756 0x091c  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\Windows\system32\drivers\tpm.sys
15:05:06.0781 0x091c  TPM - ok
15:05:06.0840 0x091c  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\Windows\System32\trkwks.dll
15:05:06.0862 0x091c  TrkWks - ok
15:05:06.0969 0x091c  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:05:06.0986 0x091c  TrustedInstaller - ok
15:05:07.0013 0x091c  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:05:07.0027 0x091c  TsUsbFlt - ok
15:05:07.0034 0x091c  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
15:05:07.0046 0x091c  TsUsbGD - ok
15:05:07.0091 0x091c  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:05:07.0114 0x091c  tunnel - ok
15:05:07.0128 0x091c  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:05:07.0142 0x091c  uagp35 - ok
15:05:07.0167 0x091c  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
15:05:07.0182 0x091c  UASPStor - ok
15:05:07.0232 0x091c  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
15:05:07.0249 0x091c  UCX01000 - ok
15:05:07.0351 0x091c  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:05:07.0396 0x091c  udfs - ok
15:05:07.0415 0x091c  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
15:05:07.0425 0x091c  UEFI - ok
15:05:07.0464 0x091c  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:05:07.0486 0x091c  UI0Detect - ok
15:05:07.0524 0x091c  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:05:07.0536 0x091c  uliagpkx - ok
15:05:07.0565 0x091c  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\Windows\System32\drivers\umbus.sys
15:05:07.0581 0x091c  umbus - ok
15:05:07.0603 0x091c  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
15:05:07.0620 0x091c  UmPass - ok
15:05:07.0723 0x091c  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:05:07.0780 0x091c  UmRdpService - ok
15:05:07.0894 0x091c  [ 79E4991779D10F9475CA390473723554, 6DAC3543C4FB599CF8893FF59D99A8FC50757ED17CCF6CB3D25AC194A5F95625 ] Unchecky        C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
15:05:07.0909 0x091c  Unchecky - ok
15:05:08.0052 0x091c  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\Windows\System32\upnphost.dll
15:05:08.0080 0x091c  upnphost - ok
15:05:08.0156 0x091c  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
15:05:08.0189 0x091c  usbccgp - ok
15:05:08.0248 0x091c  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
15:05:08.0272 0x091c  usbcir - ok
15:05:08.0317 0x091c  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
15:05:08.0339 0x091c  usbehci - ok
15:05:08.0409 0x091c  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
15:05:08.0438 0x091c  usbhub - ok
15:05:08.0476 0x091c  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
15:05:08.0524 0x091c  USBHUB3 - ok
15:05:08.0605 0x091c  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
15:05:08.0618 0x091c  usbohci - ok
15:05:08.0636 0x091c  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
15:05:08.0649 0x091c  usbprint - ok
15:05:08.0719 0x091c  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
15:05:08.0735 0x091c  USBSTOR - ok
15:05:08.0764 0x091c  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
15:05:08.0780 0x091c  usbuhci - ok
15:05:08.0838 0x091c  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:05:08.0857 0x091c  usbvideo - ok
15:05:08.0919 0x091c  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
15:05:08.0945 0x091c  USBXHCI - ok
15:05:09.0101 0x091c  [ 64F917E6990F28B119E3AA5A7995AD66, EFE8A3A04B0ED2BFAEA942E3918C5AE9B28E1C3964DE0CEDBE9B07C6E9607602 ] USecuAppSvc     C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe
15:05:09.0138 0x091c  USecuAppSvc - ok
15:05:09.0173 0x091c  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:05:09.0194 0x091c  VaultSvc - ok
15:05:09.0215 0x091c  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:05:09.0226 0x091c  vdrvroot - ok
15:05:09.0383 0x091c  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\Windows\System32\vds.exe
15:05:09.0448 0x091c  vds - ok
15:05:09.0506 0x091c  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
15:05:09.0524 0x091c  VerifierExt - ok
15:05:09.0769 0x091c  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
15:05:09.0989 0x091c  vhdmp - ok
15:05:10.0020 0x091c  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:05:10.0031 0x091c  viaide - ok
15:05:10.0049 0x091c  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:05:10.0061 0x091c  vmbus - ok
15:05:10.0066 0x091c  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
15:05:10.0077 0x091c  VMBusHID - ok
15:05:10.0142 0x091c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
15:05:10.0168 0x091c  vmicguestinterface - ok
15:05:10.0185 0x091c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
15:05:10.0212 0x091c  vmicheartbeat - ok
15:05:10.0229 0x091c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
15:05:10.0253 0x091c  vmickvpexchange - ok
15:05:10.0273 0x091c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\Windows\System32\ICSvc.dll
15:05:10.0297 0x091c  vmicrdv - ok
15:05:10.0375 0x091c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
15:05:10.0399 0x091c  vmicshutdown - ok
15:05:10.0474 0x091c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\Windows\System32\ICSvc.dll
15:05:10.0502 0x091c  vmictimesync - ok
15:05:10.0523 0x091c  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\Windows\System32\ICSvc.dll
15:05:10.0547 0x091c  vmicvss - ok
15:05:10.0587 0x091c  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:05:10.0600 0x091c  volmgr - ok
15:05:10.0618 0x091c  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:05:10.0640 0x091c  volmgrx - ok
15:05:10.0707 0x091c  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:05:10.0730 0x091c  volsnap - ok
15:05:10.0798 0x091c  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\Windows\System32\drivers\vpci.sys
15:05:10.0813 0x091c  vpci - ok
15:05:10.0838 0x091c  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:05:10.0852 0x091c  vsmraid - ok
15:05:11.0029 0x091c  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\Windows\system32\vssvc.exe
15:05:11.0121 0x091c  VSS - ok
15:05:11.0214 0x091c  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
15:05:11.0234 0x091c  VSTXRAID - ok
15:05:11.0323 0x091c  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:05:11.0352 0x091c  vwifibus - ok
15:05:11.0415 0x091c  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:05:11.0439 0x091c  vwififlt - ok
15:05:11.0481 0x091c  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:05:11.0500 0x091c  vwifimp - ok
15:05:11.0577 0x091c  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\Windows\system32\w32time.dll
15:05:11.0606 0x091c  W32Time - ok
15:05:11.0666 0x091c  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
15:05:11.0684 0x091c  WacomPen - ok
15:05:11.0779 0x091c  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\Windows\system32\wbengine.exe
15:05:11.0841 0x091c  wbengine - ok
15:05:11.0910 0x091c  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:05:11.0934 0x091c  WbioSrvc - ok
15:05:11.0987 0x091c  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
15:05:12.0011 0x091c  Wcmsvc - ok
15:05:12.0132 0x091c  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:05:12.0167 0x091c  wcncsvc - ok
15:05:12.0218 0x091c  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:05:12.0234 0x091c  WcsPlugInService - ok
15:05:12.0271 0x091c  [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
15:05:12.0283 0x091c  WdBoot - ok
15:05:12.0328 0x091c  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\System32\drivers\wdcsam64.sys
15:05:12.0344 0x091c  WDC_SAM - ok
15:05:12.0505 0x091c  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:05:12.0594 0x091c  Wdf01000 - ok
15:05:12.0644 0x091c  [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
15:05:12.0661 0x091c  WdFilter - ok
15:05:12.0691 0x091c  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:05:12.0712 0x091c  WdiServiceHost - ok
15:05:12.0717 0x091c  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:05:12.0737 0x091c  WdiSystemHost - ok
15:05:12.0769 0x091c  [ 4AD874CDC812EC156265E451B6B09DAB, 6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
15:05:12.0786 0x091c  WdNisDrv - ok
15:05:12.0814 0x091c  WdNisSvc - ok
15:05:12.0888 0x091c  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\Windows\System32\webclnt.dll
15:05:12.0928 0x091c  WebClient - ok
15:05:13.0004 0x091c  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:05:13.0050 0x091c  Wecsvc - ok
15:05:13.0072 0x091c  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
15:05:13.0109 0x091c  WEPHOSTSVC - ok
15:05:13.0162 0x091c  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:05:13.0192 0x091c  wercplsupport - ok
15:05:13.0253 0x091c  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:05:13.0278 0x091c  WerSvc - ok
15:05:13.0324 0x091c  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
15:05:13.0339 0x091c  WFPLWFS - ok
15:05:13.0351 0x091c  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\Windows\System32\wiarpc.dll
15:05:13.0366 0x091c  WiaRpc - ok
15:05:13.0390 0x091c  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:05:13.0402 0x091c  WIMMount - ok
15:05:13.0407 0x091c  WinDefend - ok
15:05:13.0510 0x091c  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
15:05:13.0549 0x091c  WinHttpAutoProxySvc - ok
15:05:13.0689 0x091c  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:05:13.0710 0x091c  Winmgmt - ok
15:05:13.0831 0x091c  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:05:13.0914 0x091c  WinRM - ok
15:05:14.0081 0x091c  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\Windows\System32\wlansvc.dll
15:05:14.0154 0x091c  WlanSvc - ok
15:05:14.0352 0x091c  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
15:05:14.0449 0x091c  wlidsvc - ok
15:05:14.0471 0x091c  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
15:05:14.0494 0x091c  WmiAcpi - ok
15:05:14.0548 0x091c  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:05:14.0565 0x091c  wmiApSrv - ok
15:05:14.0585 0x091c  WMPNetworkSvc - ok
15:05:14.0635 0x091c  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
15:05:14.0649 0x091c  Wof - ok
15:05:14.0795 0x091c  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
15:05:14.0871 0x091c  workfolderssvc - ok
15:05:14.0924 0x091c  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
15:05:14.0937 0x091c  wpcfltr - ok
15:05:14.0982 0x091c  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:05:15.0009 0x091c  WPCSvc - ok
15:05:15.0051 0x091c  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:05:15.0073 0x091c  WPDBusEnum - ok
15:05:15.0097 0x091c  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
15:05:15.0111 0x091c  WpdUpFltr - ok
15:05:15.0124 0x091c  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:05:15.0138 0x091c  ws2ifsl - ok
15:05:15.0192 0x091c  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:05:15.0211 0x091c  wscsvc - ok
15:05:15.0253 0x091c  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\Windows\System32\drivers\WSDPrint.sys
15:05:15.0266 0x091c  WSDPrintDevice - ok
15:05:15.0270 0x091c  WSearch - ok
15:05:15.0437 0x091c  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\Windows\System32\WSService.dll
15:05:15.0556 0x091c  WSService - ok
15:05:15.0841 0x091c  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:05:15.0961 0x091c  wuauserv - ok
15:05:16.0024 0x091c  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:05:16.0038 0x091c  WudfPf - ok
15:05:16.0062 0x091c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
15:05:16.0076 0x091c  WUDFRd - ok
15:05:16.0084 0x091c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\Windows\System32\drivers\WUDFRd.sys
15:05:16.0099 0x091c  WUDFSensorLP - ok
15:05:16.0128 0x091c  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:05:16.0144 0x091c  wudfsvc - ok
15:05:16.0188 0x091c  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
15:05:16.0204 0x091c  WUDFWpdFs - ok
15:05:16.0272 0x091c  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:05:16.0299 0x091c  WwanSvc - ok
15:05:16.0740 0x091c  [ C4C5C3198C3261BEC89E6C3631047BAF, 78E5604B4B2A184B328C0669781DF11A35AFC04E7375CAB4DB9A48D74929137D ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
15:05:16.0864 0x091c  ZeroConfigService - ok
15:05:16.0897 0x091c  ================ Scan global ===============================
15:05:16.0948 0x091c  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\Windows\system32\basesrv.dll
15:05:17.0028 0x091c  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\Windows\system32\winsrv.dll
15:05:17.0073 0x091c  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\Windows\system32\sxssrv.dll
15:05:17.0164 0x091c  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\Windows\system32\services.exe
15:05:17.0190 0x091c  [ Global ] - ok
15:05:17.0191 0x091c  ================ Scan MBR ==================================
15:05:17.0206 0x091c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
15:05:17.0394 0x091c  \Device\Harddisk0\DR0 - ok
15:05:17.0397 0x091c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
15:05:17.0428 0x091c  \Device\Harddisk1\DR1 - ok
15:05:17.0441 0x091c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
15:05:17.0852 0x091c  \Device\Harddisk2\DR2 - ok
15:05:17.0853 0x091c  ================ Scan VBR ==================================
15:05:17.0869 0x091c  [ A02E9A89C3853BFBD21C330485503EDA ] \Device\Harddisk0\DR0\Partition1
15:05:17.0886 0x091c  \Device\Harddisk0\DR0\Partition1 - ok
15:05:17.0919 0x091c  [ 201D9EBD42C847B4C352FA39DD513983 ] \Device\Harddisk0\DR0\Partition2
15:05:17.0943 0x091c  \Device\Harddisk0\DR0\Partition2 - ok
15:05:17.0962 0x091c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
15:05:17.0962 0x091c  \Device\Harddisk0\DR0\Partition3 - ok
15:05:17.0971 0x091c  [ 064141805C7B7E16528FAE69564B5E82 ] \Device\Harddisk0\DR0\Partition4
15:05:18.0004 0x091c  \Device\Harddisk0\DR0\Partition4 - ok
15:05:18.0042 0x091c  [ 662DFA44A428E610118D336288A6292A ] \Device\Harddisk0\DR0\Partition5
15:05:18.0063 0x091c  \Device\Harddisk0\DR0\Partition5 - ok
15:05:18.0066 0x091c  [ 36375F6B34533DC74379956ACE27E827 ] \Device\Harddisk1\DR1\Partition1
15:05:18.0066 0x091c  \Device\Harddisk1\DR1\Partition1 - ok
15:05:18.0069 0x091c  [ 730B058C7F5166577257A008869AEE6E ] \Device\Harddisk2\DR2\Partition1
15:05:18.0070 0x091c  \Device\Harddisk2\DR2\Partition1 - ok
15:05:18.0071 0x091c  ================ Scan generic autorun ======================
15:05:18.0163 0x091c  [ D31CE5E6AAB2EDAE45E84FCC60814D97, 5C6D0B91F3F49AB6B9284B769ED905FDA2362DF6A1CF725BBD4C2AE2F5F376EB ] C:\Windows\system32\igfxtray.exe
15:05:18.0182 0x091c  IgfxTray - ok
15:05:18.0263 0x091c  [ 85F94C6528AF5855CE38C6852A215A76, 81900FCEF15F5FF4DACF82A6F0E30301E1D04B327DC674E97EA2DC4648FD8719 ] C:\Windows\system32\hkcmd.exe
15:05:18.0291 0x091c  HotKeysCmds - ok
15:05:18.0386 0x091c  [ 1C0E99738F8C1FE9162B743207A16F5D, E3EF02EDCBA2D4B2D7B069065BE814EDA9D47FB0ABD79A1405292C9EB420EE3C ] C:\Windows\system32\igfxpers.exe
15:05:18.0446 0x091c  Persistence - ok
15:05:18.0453 0x091c  BTMTrayAgent - ok
15:05:18.0453 0x091c  ETDCtrl - ok
15:05:19.0188 0x091c  [ 66EB84DA5F31FDA757336444B8D1E3B2, FECAB747B321AD6ED2336C1FB2E756C39883275ED54A559CF7B6989DEA4DD7EB ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:05:19.0517 0x091c  RtHDVCpl - ok
15:05:19.0602 0x091c  [ D8AB6AC4A2D30641C9544021373B47EB, A0553AFB3B186D8EA28CF056139FA5AA150D6BD31E36E5EB9D5DD5940A90CA55 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
15:05:19.0642 0x091c  RtHDVBg_Dolby - ok
15:05:19.0685 0x091c  [ 6E0BDFBEEED65B017F2E4C2C910B0520, 54D798C2E2804DCDB84E9650EA4A032C669B10C586B396D5505F16235D83882C ] C:\Windows\system32\rundll32.exe
15:05:19.0705 0x091c  Logitech Download Assistant - ok
15:05:19.0844 0x091c  [ 393F021E2A9FA19AC94BA4482E32FC6C, 8DC7A061643099B8A1915ADB59D89912A117883D4194BCC05F653E19DFD321A9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
15:05:19.0865 0x091c  AdobeAAMUpdater-1.0 - ok
15:05:19.0902 0x091c  [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:05:19.0920 0x091c  SunJavaUpdateSched - ok
15:05:19.0999 0x091c  [ 0EF0822810009D58118CCDFD098FA9F4, 9FAA263057898BCDBCB0A064C463F48D149474AA339A3C4C47626CC118750D2D ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
15:05:20.0012 0x091c  iTunesHelper - ok
15:05:20.0287 0x091c  [ 7E713E2ED0226EA82E97A630684115BE, C99F83CF01E7926DE8D2FBCDFA9565D2BCC2D156976458367AEBDB3B327FB849 ] C:\Program Files (x86)\AVG\AVG2015\avgui.exe
15:05:20.0371 0x091c  AVG_UI - ok
15:05:20.0413 0x091c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:05:20.0447 0x091c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
15:05:20.0447 0x091c  Detect skipped due to KSN trusted
15:05:20.0447 0x091c  SwitchBoard - ok
15:05:20.0586 0x091c  [ E1636F57581CAB5D995FD54D2991EF57, BB6B3D005054D386D596A4BA4D9D2F1284D7C845C1CD5EE63775B4569559E0EB ] C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
15:05:20.0632 0x091c  AdobeCS5.5ServiceManager - ok
15:05:20.0680 0x091c  Skype - ok
15:05:20.0682 0x091c  Waiting for KSN requests completion. In queue: 125
15:05:21.0684 0x091c  Waiting for KSN requests completion. In queue: 125
15:05:22.0685 0x091c  Waiting for KSN requests completion. In queue: 125
15:05:23.0709 0x091c  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5645 ), 0x41000 ( enabled : updated )
15:05:23.0742 0x091c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
15:05:23.0745 0x091c  Win FW state via NFP2: enabled
15:05:26.0294 0x091c  ============================================================
15:05:26.0294 0x091c  Scan finished
15:05:26.0294 0x091c  ============================================================
15:05:26.0326 0x1810  Detected object count: 0
15:05:26.0326 0x1810  Actual detected object count: 0


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 23 January 2015 - 04:15 PM

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Step 1

zoek.jpg

Please download 51a612a8b27e2-Zoek.pngZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    resethosts;
    autoclean;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 sparklynnprez

sparklynnprez
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 23 January 2015 - 04:52 PM

Here is the log:

 

 
Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by AcerPC on Fri 01/23/2015 at 15:23:13.09.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\AcerPC\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
1/23/2015 3:24:35 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Reset Hosts File ======================
 
# Copyright © 1993-2006 Microsoft Corp. 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# For example: 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\AcerPC\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Services(whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2015\avgidsagent.exe
R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2015\avgwdsvc.exe
R2 - [Bluetooth Device Monitor] - Bluetooth Device Monitor - c:\program files (x86)\intel\bluetooth\devmonsrv.exe
R2 - [Bluetooth OBEX Service] - Bluetooth OBEX Service - c:\program files (x86)\intel\bluetooth\obexsrv.exe
R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
R2 - [DACoreService] - Dragon Assistant Core - c:\program files (x86)\nuance\dragon assistant\core\dacore.exe
R2 - [ETDService] - Elan Service - c:\program files\elantech\etdservice.exe
R2 - [EvtEng] - Intel® PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe
R2 - [ExpressCache] - ExpressCache - c:\program files\condusiv technologies\expresscache\expresscache.exe
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [Intel® Wireless Bluetooth® 4.0 Radio Management] - Intel® Wireless Bluetooth® 4.0 Radio Management - c:\program files (x86)\intel\bluetooth\ibtrksrv.exe
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
R2 - [mfefire] - McAfee Firewall Core Service - c:\program files\common files\mcafee\systemcore\\mfefire.exe
R2 - [mfevtp] - McAfee Validation Trust Protection Service - c:\windows\system32\mfevtps.exe
R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
R2 - [RegSrvc] - Intel® PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
R2 - [SolutoLauncherService] - Soluto Launcher Service - c:\program files\soluto\solutolauncherservice.exe
R2 - [SolutoService] - Soluto PCGenome Core Service - c:\program files\soluto\solutoservice.exe
R2 - [Unchecky] - Unchecky - c:\program files (x86)\unchecky\bin\unchecky_svc.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [ZeroConfigService] - Intel® PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe
R3 - [ePowerSvc] - ePower Service - c:\program files\acer\acer power management\epowersvc.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Intel® Capability Licensing Service TCP IP Interface] - Intel® Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [SwitchBoard] - Adobe SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [USecuAppSvc] - Acer Theft Shield Service - c:\program files\acer\acer theft shield\usecuappsvc.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\AcerPC\AppData\Local\AVG Web TuneUp deleted
C:\Program Files\AVG Web TuneUp deleted
C:\Users\Public\Pokki deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\Avg_Update_1214tb deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\AcerPC\AppData\Local\Pokki deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\AcerPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\AcerPC\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\Windows\Installer\ae79b.msi" deleted
"C:\PROGRA~2\AVG Web TuneUp\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Web TuneUp" not deleted
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8073 MB
CPU Info: Intel® Core™ i5-4200U CPU @ 1.60GHz
CPU Speed: 2343.9 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | Intel® HD Graphics Family
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1280 X 720 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Intel® Dual Band Wireless-N 7260 | Realtek PCIe GBE Family Controller
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  447.3GB
Hard Disks - Free: C:  297.3GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE |  | ACRSYS - 1
Time Zone: Central Standard Time
Motherboard *: Acer Polaris_HW
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Default Browser: Google Chrome 40.0.2214.91
Internet Explorer Version: 11.0.9600.17498 
Mozilla Firefox version: 33.0.2 (x86 en-US)
Google Chrome version: 40.0.2214.91
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_25 (32-bit) 
Sun Java version: 1.8.0_25 (64-bit) 
Flash Player version: 10.2.153.1
Shockwave Player version: 12.1.3r153
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\AcerPC\AppData\Local\Temp ====
2015-01-23 16:13:43 97511FE2CA09CC2E06C3CD6519C3494E 43008 ----a-w- C:\Users\AcerPC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsdntti.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-01-14 21:23:44 DCE9FD22B136C127C85F285E083B928B 65536 ----a-w- C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 21:23:27 D9F17FC61102D89A67A2AA3DD21231F5 33584 ----a-w- C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 21:23:27 BFFD9961B29DAB8084278DB2314D6027 33280 ----a-w- C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 21:23:27 B5867FF96CD0F7712CB4985EAC9F9147 370424 ----a-w- C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 21:23:27 7C36A441C73F079781ABA8F3DAEDFB37 136296 ----a-w- C:\Windows\SysWOW64\wermgr.exe
2015-01-14 21:23:27 7B2643AE85322EA168B0E760B73258FF 424544 ----a-w- C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 21:23:27 4B07B24705A9225EB565650569BDA26B 344536 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 21:23:27 1F9C1925A85C6CC592C2FF612A610412 372408 ----a-w- C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 21:23:27 1EB1C1E43C1901865C5AE34A9771C069 448792 ----a-w- C:\Windows\SysWOW64\wer.dll
2015-01-14 21:23:27 1275462A4337DBC5518859316BEF262C 413136 ----a-w- C:\Windows\SysWOW64\WerFault.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-01-14 21:23:57 19424364D8C03B990C4281BE53963FD0 225280 ----a-w- C:\Windows\Sysnative\profsvc.dll
2015-01-14 21:23:55 29A888F3136B2643E22113B5422B46F9 87040 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2015-01-14 21:23:44 FE11972797DED38CA55E88BD3579F6A2 360448 ----a-w- C:\Windows\Sysnative\ncsi.dll
2015-01-14 21:23:44 E94EB2A95D7D016E119C4D6868788831 391680 ----a-w- C:\Windows\Sysnative\nlasvc.dll
2015-01-14 21:23:44 6319232C1CE39AC35316CF51910EEEB5 86016 ----a-w- C:\Windows\Sysnative\nlaapi.dll
2015-01-14 21:23:27 E24D3259769A0218FE19BB306821C2E5 394120 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll
2015-01-14 21:23:27 D1E3B8D9130C70F6A3D4FDB52373FF34 37888 ----a-w- C:\Windows\Sysnative\werdiagcontroller.dll
2015-01-14 21:23:27 A41B72F81B389786805CC4D5767B5FBC 531616 ----a-w- C:\Windows\Sysnative\ci.dll
2015-01-14 21:23:27 9404704666256045F5BA9B290953B4D0 38264 ----a-w- C:\Windows\Sysnative\WerFaultSecure.exe
2015-01-14 21:23:27 8EBC741DDE9409038262E2F317ED7CCE 535640 ----a-w- C:\Windows\Sysnative\wer.dll
2015-01-14 21:23:27 8779FDAE68BC948B0FE152E758CC8DA7 229888 ----a-w- C:\Windows\Sysnative\AudioEndpointBuilder.dll
2015-01-14 21:23:27 770BAA636F3B61DA7E414421444F84FD 272248 ----a-w- C:\Windows\Sysnative\audiodg.exe
2015-01-14 21:23:27 6F237EE5DDA34EAF3D9C79D4A283E250 482872 ----a-w- C:\Windows\Sysnative\AudioEng.dll
2015-01-14 21:23:27 6DCD12586353DC6307AC781045CA13A4 465320 ----a-w- C:\Windows\Sysnative\WerFault.exe
2015-01-14 21:23:27 61EA45A645854FE81D8A924E2D93DFFE 911360 ----a-w- C:\Windows\Sysnative\audiosrv.dll
2015-01-14 21:23:27 428F083690D7AAA012338FD5A0663EE3 500016 ----a-w- C:\Windows\Sysnative\AudioSes.dll
2015-01-14 21:23:27 41C501FD9D42F3F04A8532C73E09F356 108944 ----a-w- C:\Windows\Sysnative\EncDump.dll
2015-01-14 21:23:27 2C354FA91EF605007FD11BB89EED2266 413248 ----a-w- C:\Windows\Sysnative\Faultrep.dll
2015-01-14 21:23:27 0BCDEB035B9346D3C3C6C8BB1AA7F38C 139984 ----a-w- C:\Windows\Sysnative\wermgr.exe
====== C:\Windows\Sysnative\drivers =====
2015-01-14 21:23:51 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\Windows\Sysnative\drivers\ahcache.sys
2015-01-14 21:23:50 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
====== C:\Windows\Tasks ======
2015-01-05 15:46:54 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-09 20:43:05 -------- d-----w- C:\Program Files\KONICA MINOLTA
======= C:\PROGRA~2 =====
======= C: =====
2015-01-23 19:46:18 !HASH: COULD NOT OPEN FILE !!!!! 0 --sha-w- C:\DkHyperbootSync
====== C:\Users\AcerPC\AppData\Roaming ======
2015-01-15 22:20:05 -------- d-----w- C:\Users\AcerPC\AppData\Local\ElevatedDiagnostics
2015-01-12 16:44:51 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-12 16:44:51 -------- d-----w- C:\Users\Default User\AppData\Roaming\TuneUp Software
====== C:\Users\AcerPC ======
2015-01-23 19:09:27 DD55080C38BF607930A99950B95B0814 2126848 ----a-w- C:\Users\AcerPC\Desktop\FRST64.exe
2015-01-23 18:48:45 EB37771FE67C0BE822195BB437AF20A8 401920 ----a-w- C:\Users\AcerPC\Desktop\MiniToolBox.exe
2015-01-22 22:10:27 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\AcerPC\Desktop\AdwCleaner (1).exe
2015-01-22 22:10:11 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\AcerPC\Downloads\AdwCleaner.exe
2015-01-22 20:41:24 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\AcerPC\Desktop\tdsskiller.exe
2015-01-22 20:40:23 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\AcerPC\Downloads\TDSSKiller.exe
 
====== C: exe-files ==
2015-01-23 21:03:20 14238D58C271F9EADB32516334727C70 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1094781392-2095679774-3273041629-1001\$I49LZ50.exe
2015-01-23 19:09:27 DD55080C38BF607930A99950B95B0814 2126848 ----a-w- C:\Users\AcerPC\Desktop\FRST64.exe
2015-01-23 18:48:45 EB37771FE67C0BE822195BB437AF20A8 401920 ----a-w- C:\Users\AcerPC\Desktop\MiniToolBox.exe
2015-01-23 17:37:21 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\9A81CCFD-7938-43DD-95CC-7CA43382561A\DismHost.exe
2015-01-23 17:18:55 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_8545eee6-6c3f-4725-8cdf-b211a2348316\PCGAppControlPluginLoader.exe
2015-01-23 17:18:53 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_c93a31bc-3e90-4b71-9f0f-dd0d5045f374\PCGAppControlPluginLoader.exe
2015-01-22 22:10:27 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\AcerPC\Desktop\AdwCleaner (1).exe
2015-01-22 22:10:11 6EA377DA154B0111D59AE70C35F9864E 2186752 ----a-w- C:\Users\AcerPC\Downloads\AdwCleaner.exe
2015-01-22 20:41:24 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\AcerPC\Desktop\tdsskiller.exe
2015-01-22 20:41:24 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\$Recycle.Bin\S-1-5-21-1094781392-2095679774-3273041629-1001\$R49LZ50.exe
2015-01-22 20:40:23 9C5DAAED3B3C06DBC95228CC407B8B70 4197016 ----a-w- C:\Users\AcerPC\Downloads\TDSSKiller.exe
2015-01-22 17:18:50 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_2b08ab4d-87a5-4871-86af-be0fc19947ff\PCGAppControlPluginLoader.exe
2015-01-22 17:18:48 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_0c584e1e-35d2-4425-ab6c-0fd59b60bee0\PCGAppControlPluginLoader.exe
2015-01-21 21:45:32 F1A2E9146124E17D752AAACAE7D8F6EC 7265872 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.91\40.0.2214.91_39.0.2171.99_chrome_updater.exe
2015-01-21 16:49:17 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\53AEC2AA-2837-493A-92ED-E1EC8E42F5D2\DismHost.exe
2015-01-21 16:24:54 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_81bda1ff-4659-4451-8469-12aea7e9daf3\PCGAppControlPluginLoader.exe
2015-01-21 16:24:52 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_98b6b800-7938-415f-8086-d53f67451d31\PCGAppControlPluginLoader.exe
2015-01-20 19:42:18 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\F590832A-1B5F-45CF-91D3-777EAA96B315\DismHost.exe
2015-01-20 16:17:58 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_15d3f815-ef67-4d1b-9417-fdc451a1c85a\PCGAppControlPluginLoader.exe
2015-01-20 16:17:57 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_91b321d1-64e1-4da8-b5e1-5c344b79a3df\PCGAppControlPluginLoader.exe
2015-01-19 16:11:31 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_691798cc-f6d3-441c-bd46-d0eb0fbd74b9\PCGAppControlPluginLoader.exe
2015-01-19 16:11:29 DEA8F52EACE7BE0CB4F48622F01D9362 53720 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_b7151553-42f9-484a-916e-2dbed692b981\PCGAppControlPluginLoader.exe
2015-01-16 22:14:32 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\20D52325-7116-48D4-AAF8-E4D5449008FB\DismHost.exe
2015-01-16 22:05:04 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\0243E42A-0FC4-476D-AD78-73C057D6FC89\DismHost.exe
2015-01-16 22:00:01 B1B97114D180B5B1B05EB84F50441091 140464 ----a-w- C:\Windows\Temp\8013B9C4-0DC0-4A26-B751-8B94E968D172\DismHost.exe
=== C: other files ==
2015-01-22 20:40:08 E05770D0C2CD3B7A15FE0CA5EA5094C0 4176437 ----a-w- C:\Users\AcerPC\Downloads\tdsskiller.zip
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-1094781392-2095679774-3273041629-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS5.5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe -launchedbylogin"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
 
==== Startup Folders ======================
 
2014-12-03 20:34:16 1154 ----a-w- C:\Users\AcerPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/05/2014 02:26 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d00438f82443a8.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/05/2014 02:26 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/05/2014 02:26 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d00438f8e6ccbf.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/05/2014 02:26 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-SSVNORMANDYSR1-AcerPC" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe]
"C:\Windows\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe]
"C:\Windows\SysNative\tasks\Dolby Selector" [C:\Program Files\Dolby Digital Plus\ddp.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d00438f82443a8" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d00438f8e6ccbf" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HIDMonitor" [C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe]
"C:\Windows\SysNative\tasks\Launch Screen Grasp_First" ["C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe"]
"C:\Windows\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"]
"C:\Windows\SysNative\tasks\Prelauncher" ["C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe"]
"C:\Windows\SysNative\tasks\prelauncher_First" ["C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe"]
"C:\Windows\SysNative\tasks\Screen Grasp GestureDetection" ["C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{1DBBDAE0-BE53-4E4C-AA36-E7E299465C75}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe]
"C:\Windows\SysNative\tasks\Theft Shield\AcerTheftShieldTask" [C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [12/05/2014 03:24 PM]
 
==== Chromium Look ======================
 
Google Chrome Version: 40.0.2214.91 (Possible outdated, latest Stable version: 39.0.2171.99)
 
 
Google Voice Search Hotword (Beta) - AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
WOT - AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
CPDD-Floral - AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eleaanohmbjpeldodmjmdiilebpgcalg
Google Dictionary (by Google) - AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja
Send from Gmail (by Google) - AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc
 
==== Chromium Fix ======================
 
C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_healthfinder.gov_0.localstorage deleted successfully
C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_healthfinder.gov_0.localstorage-journal deleted successfully
C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{54C4C0A3-D418-44DA-A42B-4F5BEA64CF4E} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1094781392-2095679774-3273041629-1001\Software\Microsoft\Internet Explorer\SearchScopes\{54C4C0A3-D418-44DA-A42B-4F5BEA64CF4E} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\AcerPC\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\AcerPC\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\AcerPC\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\AcerPC\AppData\Local\Microsoft\Windows\INetCache\IE\IS42EQEG will be deleted at reboot
C:\Users\AcerPC\AppData\Local\Microsoft\Windows\INetCache\IE\KEUZD787 will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=4394 folders=256 582288304 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\AcerPC\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\AcerPC\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\PROGRA~2\AVG Web TuneUp"  not found
"C:\Users\AcerPC\AppData\Local\Microsoft\Windows\INetCache\IE\IS42EQEG" not found
"C:\Users\AcerPC\AppData\Local\Microsoft\Windows\INetCache\IE\KEUZD787" not found
 
==== EOF on Fri 01/23/2015 at 15:50:32.77 ======================


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 23 January 2015 - 05:15 PM

Hi,
how is the computer running right now?
Please give me some time to review your logs. I will post further instructions before monday. Is that OK for you?
Have a nice weekend! :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 sparklynnprez

sparklynnprez
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 23 January 2015 - 05:20 PM

It seems to be running well enough -- however, I am still worried about the host items that showed up when I ran minitoolbox. I can post the log from that if you like. 

 

Monday is totally fine - I won't have this computer with me over the weekend so I will reply first thing monday morning.

 

Thanks again for all of your help! I would have no idea what to do on my own!



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 23 January 2015 - 05:25 PM

I am still worried about the host items that showed up when I ran minitoolbox.

:lol: The hosts file has been replaced by Zoek... So you can enjoy your weekend maybe even more. :)


Edited by deeprybka, 23 January 2015 - 05:26 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 sparklynnprez

sparklynnprez
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 23 January 2015 - 05:39 PM

Ok - well I guess let me know once you are able to go through those logs! If it's ok, I wanna check on this issue with minitoolbox once we're done with everything just to be totally sure. Thanks again and talk to you on Monday!



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 23 January 2015 - 05:45 PM

:thumbup2:


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 25 January 2015 - 02:54 PM

Hi,
I hope you had a nice weekend! :)

Please go ahead with this step:

Step 1

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 sparklynnprez

sparklynnprez
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 27 January 2015 - 03:47 PM

Hi - I have not forgotten about this post! I have been home sick from work and have not had access to my work computer yet. :( I will be in the office tomorrow to complete this step! So sorry for the inconvenience!



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 27 January 2015 - 03:58 PM

OK... :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 sparklynnprez

sparklynnprez
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 28 January 2015 - 11:24 AM

I'm back! Here is the info you requested: 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by AcerPC (administrator) on SSVNORMANDYSR1 on 28-01-2015 10:20:08
Running from C:\Users\AcerPC\Desktop
Loaded Profiles: AcerPC (Available profiles: AcerPC)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-10-01] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1094781392-2095679774-3273041629-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22058080 2014-10-01] (Skype Technologies S.A.)
Startup: C:\Users\AcerPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1094781392-2095679774-3273041629-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1094781392-2095679774-3273041629-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-12-05]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-12-03]
CHR Extension: (Google Docs) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Google Drive) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
CHR Extension: (WOT) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-12-03]
CHR Extension: (YouTube) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Adblock Plus) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-03]
CHR Extension: (Google Search) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (CPDD-Floral) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eleaanohmbjpeldodmjmdiilebpgcalg [2014-12-03]
CHR Extension: (Google Sheets) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-12-03]
CHR Extension: (Gmail) - C:\Users\AcerPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-10-01] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2015-01-05] (RaMMicHaeL)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [347176 2013-08-13] (Acer Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-12-03] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 10:19 - 2015-01-28 10:19 - 00000000 ____D () C:\Users\AcerPC\Desktop\FRST-OlderVersion
2015-01-23 15:49 - 2015-01-23 15:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-23 15:24 - 2015-01-23 15:50 - 00031430 _____ () C:\zoek-results.log
2015-01-23 15:22 - 2015-01-23 15:45 - 00000000 ____D () C:\zoek_backup
2015-01-23 15:22 - 2015-01-23 15:22 - 01295360 _____ () C:\Users\AcerPC\Desktop\zoek.exe
2015-01-23 14:16 - 2015-01-23 14:16 - 00034354 _____ () C:\Users\AcerPC\Desktop\Addition.txt
2015-01-23 14:14 - 2015-01-28 10:21 - 00024681 _____ () C:\Users\AcerPC\Desktop\FRST.txt
2015-01-23 14:14 - 2015-01-28 10:20 - 00000000 ____D () C:\FRST
2015-01-23 13:09 - 2015-01-28 10:19 - 02130432 _____ (Farbar) C:\Users\AcerPC\Desktop\FRST64.exe
2015-01-23 12:49 - 2015-01-23 16:19 - 00001393 _____ () C:\Users\AcerPC\Desktop\Result.txt
2015-01-23 12:48 - 2015-01-23 12:48 - 00401920 _____ (Farbar) C:\Users\AcerPC\Desktop\MiniToolBox.exe
2015-01-22 16:32 - 2015-01-22 16:32 - 00075000 _____ () C:\Users\AcerPC\Downloads\PGRDeclarationsPage.html
2015-01-22 16:11 - 2015-01-22 17:31 - 00000000 ____D () C:\AdwCleaner
2015-01-22 16:10 - 2015-01-22 16:10 - 02186752 _____ () C:\Users\AcerPC\Downloads\AdwCleaner.exe
2015-01-22 16:10 - 2015-01-22 16:10 - 02186752 _____ () C:\Users\AcerPC\Desktop\AdwCleaner (1).exe
2015-01-22 14:41 - 2015-01-23 15:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\AcerPC\Desktop\tdsskiller.exe
2015-01-22 14:40 - 2015-01-22 14:40 - 04176437 _____ () C:\Users\AcerPC\Downloads\tdsskiller.zip
2015-01-22 14:40 - 2015-01-22 08:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\AcerPC\Downloads\TDSSKiller.exe
2015-01-15 16:18 - 2015-01-15 16:18 - 00000000 ____D () C:\KMUPDcache
2015-01-14 15:23 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:23 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:23 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 15:23 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 15:23 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 15:23 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 15:23 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 15:23 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:23 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 15:23 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 15:23 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 15:23 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 15:23 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 15:23 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 15:23 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 15:23 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 15:23 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 15:23 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 15:23 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 15:23 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 15:23 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 15:23 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 15:23 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 15:23 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 15:23 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 10:44 - 2015-01-12 10:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-12 10:44 - 2015-01-12 10:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-01-09 14:43 - 2015-01-15 16:18 - 00000000 ____D () C:\Program Files\KONICA MINOLTA
2015-01-09 14:41 - 2007-11-16 07:57 - 00017408 _____ () C:\Windows\system32\KOBJKA_L.DLL
2015-01-09 14:41 - 2007-11-08 11:15 - 00015360 _____ () C:\Windows\system32\KOBJKJ_L.DLL
2015-01-09 10:30 - 2015-01-09 14:48 - 00000000 ____D () C:\Users\AcerPC\Downloads\biz 20 driver
2015-01-09 10:29 - 2015-01-09 14:41 - 00000000 ____D () C:\Users\AcerPC\Downloads\color driver
2015-01-08 12:49 - 2014-11-14 14:12 - 00000000 ____D () C:\Users\AcerPC\Downloads\KM_UniversalDriver_PS_v2.60.0.0_x86
2015-01-08 11:17 - 2015-01-08 11:20 - 70956112 _____ () C:\Users\AcerPC\Downloads\KM_UniversalDriver_PS_v2.60.0.0_x86.zip
2015-01-06 11:04 - 2015-01-06 11:07 - 00000000 ____D () C:\Users\AcerPC\Downloads\Translation
2015-01-05 09:46 - 2015-01-05 09:46 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 10:20 - 2014-12-03 14:40 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-28 10:20 - 2014-10-29 11:25 - 01886511 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 10:20 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-28 10:17 - 2014-12-03 14:33 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Dropbox
2015-01-28 10:17 - 2014-12-03 13:36 - 00000000 ___RD () C:\Users\AcerPC\Dropbox
2015-01-28 10:17 - 2014-11-19 14:39 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00438f82443a8.job
2015-01-28 10:17 - 2014-11-18 12:13 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Skype
2015-01-28 10:17 - 2014-11-05 14:26 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 10:17 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-23 18:44 - 2014-11-19 14:39 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00438f8e6ccbf.job
2015-01-23 18:44 - 2014-11-05 14:26 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 16:27 - 2014-10-29 16:12 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1094781392-2095679774-3273041629-1001
2015-01-23 16:27 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-23 15:54 - 2014-02-28 08:00 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 15:50 - 2014-02-28 07:52 - 00068808 _____ () C:\Windows\PFRO.log
2015-01-23 15:50 - 2013-08-22 08:46 - 00021409 _____ () C:\Windows\setupact.log
2015-01-23 15:50 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 15:49 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-22 13:42 - 2014-12-03 14:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 13:31 - 2014-12-03 14:37 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 18:15 - 2014-12-05 15:58 - 00000000 ____D () C:\Users\AcerPC\AppData\Local\Microsoft Help
2015-01-21 15:46 - 2014-11-05 14:26 - 00002167 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-19 15:32 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 15:32 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 15:13 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-15 17:41 - 2014-11-05 14:27 - 00000000 ____D () C:\Users\AcerPC\AppData\Local\Adobe
2015-01-15 15:24 - 2014-12-05 16:10 - 00000000 ____D () C:\Users\AcerPC\AppData\Local\Deployment
2015-01-14 17:49 - 2014-12-10 12:49 - 00010340 _____ () C:\Users\AcerPC\Downloads\bills spreadsheet.xlsx
2015-01-13 00:40 - 2014-10-29 13:36 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Adobe
2015-01-12 16:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 10:44 - 2014-12-03 14:43 - 00000945 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-12 10:44 - 2014-12-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-05 18:02 - 2014-12-03 14:38 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 18:02 - 2014-12-03 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 18:02 - 2014-12-03 14:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 10:51 - 2014-12-03 14:37 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Apple Computer
2015-01-05 09:49 - 2014-12-03 14:34 - 00000000 ____D () C:\Users\AcerPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-05 09:49 - 2014-12-03 13:36 - 00001036 _____ () C:\Users\AcerPC\Desktop\Dropbox.lnk
 
==================== Files in the root of some directories =======
 
2014-10-29 12:04 - 2014-10-29 12:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 16:20 - 2014-10-29 16:20 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some content of TEMP:
====================
C:\Users\AcerPC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw9tycf.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-20 12:58
 
==================== End Of Log ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by AcerPC at 2015-01-28 10:22:02
Running from C:\Users\AcerPC\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.01.3004 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.8102 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.00.3013 - Acer Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{9C542173-96F0-435D-A95C-468CAAC75EA0}) (Version: 10.2.153.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon Assistant Application en-US version 1.5.10 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.10 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.10 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
Dropbox (HKU\S-1-5-21-1094781392-2095679774-3273041629-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ETDWare PS/2-X64 11.6.28.201_WHQL (HKLM\...\Elantech) (Version: 11.6.28.201 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{6E55C9F8-138E-4128-8A9F-6464725BE98A}) (Version: 1.0.102.0 - Condusiv Technologies)
Google Chrome (HKLM-x32\...\{22ACCF34-7FF3-3990-B0DA-697C8A16F121}) (Version: 66.19.16495 - Google, Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HID Monitor (HKLM-x32\...\{7D00AB67-B37B-4CEF-9375-D8BE973AE7A6}) (Version: 1.1.5 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KONICA MINOLTA magicolor 5650 (HKLM\...\KONICA MINOLTA magicolor 5650 Installer) (Version:  - KONICA MINOLTA)
KONICA MINOLTA Universal PS (HKLM\...\KONICA MINOLTA Universal PS) (Version:  - KONICA MINOLTA)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pokki Start Menu (HKU\S-1-5-21-1094781392-2095679774-3273041629-1001\...\Pokki_Start_Menu) (Version: 0.269.5.367 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unchecky v0.3.6 (HKLM-x32\...\Unchecky) (Version: 0.3.6 - RaMMicHaeL)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094781392-2095679774-3273041629-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
14-01-2015 11:11:12 Scheduled Checkpoint
20-01-2015 12:58:31 Windows Update
23-01-2015 15:24:20 zoek.exe restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2015-01-28 10:20 - 00001922 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
 
There are 5 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {19F55765-68CD-4AF3-94C8-4439234600F9} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {2341B389-BB23-4236-9A67-3D2A364D7816} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {38E08E66-1DE9-40A1-AE6F-B44461748799} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-08-26] (Acer Incorporated)
Task: {41692E71-FCFA-48A9-AF73-4D77D9DD2E9A} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {41F9FD07-CD40-4B81-93BF-C7C5ABDF0D16} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {44172A93-7E9F-4513-AFC7-A983E08008B9} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-07-01] (Acer Incorporated)
Task: {5D3DAAB5-33E7-41AE-B138-4D45E8404893} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-08-12] (Acer Incorporated)
Task: {6206B3FB-A552-4544-BAF0-8AD53E199764} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {86BF90D3-5F9E-4291-9B92-3F536386FED1} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.)
Task: {9E7FDD23-0B03-457B-9544-D554F7C151C4} - System32\Tasks\GoogleUpdateTaskMachineCore1d00438f82443a8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: {A787E65B-BD7E-4127-AF6E-5C870B767425} - System32\Tasks\GoogleUpdateTaskMachineUA1d00438f8e6ccbf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: {A9D41059-45DE-436A-9486-D3E786BD1799} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {B07E489B-93DB-4CE7-ACAD-089B5E3E04F0} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {BCADEB94-E3BF-40EF-BF86-6CE03DB9200B} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2013-08-13] (Acer Incorporated)
Task: {C87AD69B-0DE5-49B5-97C0-730985E5D06D} - System32\Tasks\AdobeAAMUpdater-1.0-SSVNORMANDYSR1-AcerPC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {C9A58E13-DD94-4BB1-8C0B-15E196F49AF2} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {DB5F879D-DFD1-4C27-B380-51FF0A0CC1B1} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {DB8B6FE3-314B-49FA-9EA1-59639B7D58AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DE5290DA-525F-4FAE-BC6A-A82098874F0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: {F02EF566-BBD4-42EA-8DD2-B98630A627A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d00438f82443a8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d00438f8e6ccbf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-09 14:41 - 2007-11-08 11:15 - 00015360 _____ () C:\Windows\System32\KOBJKJ_L.dll
2015-01-09 14:41 - 2007-11-16 07:57 - 00017408 _____ () C:\Windows\System32\KOBJKA_L.dll
2014-05-12 03:49 - 2014-05-12 03:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-08-23 15:02 - 2012-08-23 15:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2013-07-08 19:53 - 2013-07-08 19:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-29 12:20 - 2013-07-02 15:30 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-10-29 12:20 - 2013-07-02 15:30 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-10-29 12:20 - 2013-07-02 15:30 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-10-29 12:20 - 2013-07-02 15:30 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-10-29 12:20 - 2013-07-02 15:30 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-10-29 12:20 - 2013-07-02 15:30 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-10-29 12:20 - 2013-07-02 15:29 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2014-10-29 11:40 - 2013-09-03 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-01-04 17:19 - 2013-01-04 17:19 - 00035336 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-28 10:17 - 2015-01-28 10:17 - 00043008 _____ () c:\users\acerpc\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw9tycf.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\AcerPC\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-28 10:20 - 2015-01-28 10:20 - 00058880 _____ () C:\Program Files (x86)\Unchecky\bin\collector.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
AcerPC (S-1-5-21-1094781392-2095679774-3273041629-1001 - Administrator - Enabled) => C:\Users\AcerPC
Administrator (S-1-5-21-1094781392-2095679774-3273041629-500 - Administrator - Disabled)
Guest (S-1-5-21-1094781392-2095679774-3273041629-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2015 07:03:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/23/2015 06:07:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/23/2015 05:05:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/23/2015 04:20:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/23/2015 03:10:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Activation of app Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/23/2015 02:10:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/23/2015 01:53:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/23/2015 01:53:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/23/2015 01:53:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/23/2015 01:53:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (01/23/2015 04:27:54 PM) (Source: DCOM) (EventID: 10010) (User: SSVNORMANDYSR1)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (01/23/2015 04:27:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - January 2015 (KB890830).
 
Error: (01/23/2015 03:49:14 PM) (Source: DCOM) (EventID: 10010) (User: SSVNORMANDYSR1)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (01/23/2015 03:40:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2015 03:40:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2015 03:40:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2015 03:40:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2015 03:40:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/23/2015 03:24:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (01/23/2015 03:16:37 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
Microsoft Office Sessions:
=========================
Error: (01/23/2015 07:03:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel-2144927148
 
Error: (01/23/2015 06:07:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927148
 
Error: (01/23/2015 05:05:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel-2144927148
 
Error: (01/23/2015 04:20:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927148
 
Error: (01/23/2015 03:10:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel-2144927148
 
Error: (01/23/2015 02:10:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSVNORMANDYSR1)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927148
 
Error: (01/23/2015 01:53:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll
 
Error: (01/23/2015 01:53:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll
 
Error: (01/23/2015 01:53:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll
 
Error: (01/23/2015 01:53:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 25%
Total physical RAM: 8072.27 MB
Available physical RAM: 5989.73 MB
Total Pagefile: 10888.27 MB
Available Pagefile: 8308.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:447.25 GB) (Free:300.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 18EF3C5B)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: A4A3CA3A)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:17 AM

Posted 28 January 2015 - 11:50 AM

Hi,

Step 1

frst.pngfrstfix.png
Please download the attached fixlist txt.gif and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   457bytes   4 downloads

After the Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users