Infected


  • This topic is locked
16 replies to this topic

#1 JoanaV


Posted 03 March 2015 - 04:27 PM

Hey guys, I am pretty sure my Samsung is infected deeply and I did everything I could to deal with the issue, but unfortunately my abilities only go so far. The laptop has been very slow, unresponsive and difficult to use in the past year or so. Whenever I try to open the NativeImages or Catroot folders, it freezes and won't let me continue. I changed over 10 antivirus programs as none could remove the virus. I am currently with Panda, but it is weak.
Here is my TDSS Killer report. Please help me!

21:17:49.0601 0x13b0  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:17:53.0512 0x13b0  ============================================================
21:17:53.0513 0x13b0  Current date / time: 2015/03/03 21:17:53.0512
21:17:53.0513 0x13b0  SystemInfo:
21:17:53.0513 0x13b0  
21:17:53.0513 0x13b0  OS Version: 6.1.7601 ServicePack: 1.0
21:17:53.0513 0x13b0  Product type: Workstation
21:17:53.0513 0x13b0  ComputerName: JOANNA-PC
21:17:53.0514 0x13b0  UserName: Joanna
21:17:53.0514 0x13b0  Windows directory: C:\Windows
21:17:53.0515 0x13b0  System windows directory: C:\Windows
21:17:53.0515 0x13b0  Running under WOW64
21:17:53.0515 0x13b0  Processor architecture: Intel x64
21:17:53.0515 0x13b0  Number of processors: 2
21:17:53.0515 0x13b0  Page size: 0x1000
21:17:53.0515 0x13b0  Boot type: Normal boot
21:17:53.0515 0x13b0  ============================================================
21:18:00.0552 0x13b0  KLMD registered as C:\Windows\system32\drivers\40295291.sys
21:18:00.0781 0x13b0  System UUID: {949E891C-8B10-0783-0F1B-85F2D4EB56F7}
21:18:01.0184 0x13b0  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:18:01.0188 0x13b0  ============================================================
21:18:01.0188 0x13b0  \Device\Harddisk0\DR0:
21:18:01.0189 0x13b0  MBR partitions:
21:18:01.0189 0x13b0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A383000
21:18:01.0189 0x13b0  ============================================================
21:18:01.0202 0x13b0  C: <-> \Device\Harddisk0\DR0\Partition1
21:18:01.0202 0x13b0  ============================================================
21:18:01.0203 0x13b0  Initialize success
21:18:01.0203 0x13b0  ============================================================
21:18:19.0532 0x1184  ============================================================
21:18:19.0532 0x1184  Scan started
21:18:19.0532 0x1184  Mode: Manual; SigCheck; TDLFS; 
21:18:19.0532 0x1184  ============================================================
21:18:19.0532 0x1184  KSN ping started
21:18:25.0025 0x1184  KSN ping finished: true
21:18:27.0062 0x1184  ================ Scan system memory ========================
21:18:27.0062 0x1184  System memory - ok
21:18:39.0848 0x1184  jrdusbser - ok
21:18:39.0877 0x1184  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:18:39.0892 0x1184  kbdclass - ok
21:18:39.0919 0x1184  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:18:39.0950 0x1184  kbdhid - ok
21:18:39.0964 0x1184  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso          C:\Windows\system32\lsass.exe
21:18:39.0980 0x1184  KeyIso - ok
21:18:40.0010 0x1184  [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:18:40.0026 0x1184  KSecDD - ok
21:18:40.0052 0x1184  [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:18:40.0070 0x1184  KSecPkg - ok
21:18:40.0097 0x1184  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:18:40.0159 0x1184  ksthunk - ok
21:18:40.0190 0x1184  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:18:40.0254 0x1184  KtmRm - ok
21:18:40.0315 0x1184  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:18:40.0397 0x1184  LanmanServer - ok
21:18:40.0442 0x1184  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:18:40.0501 0x1184  LanmanWorkstation - ok
21:18:40.0559 0x1184  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:18:40.0625 0x1184  lltdio - ok
21:18:40.0670 0x1184  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:18:40.0764 0x1184  lltdsvc - ok
21:18:40.0812 0x1184  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:18:40.0880 0x1184  lmhosts - ok
21:18:40.0898 0x1184  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:18:40.0912 0x1184  LSI_FC - ok
21:18:40.0931 0x1184  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:18:40.0945 0x1184  LSI_SAS - ok
21:18:40.0969 0x1184  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:18:40.0982 0x1184  LSI_SAS2 - ok
21:18:41.0000 0x1184  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:18:41.0014 0x1184  LSI_SCSI - ok
21:18:41.0032 0x1184  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:18:41.0073 0x1184  luafv - ok
21:18:41.0122 0x1184  MBAMSwissArmy - ok
21:18:41.0144 0x1184  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:18:41.0163 0x1184  Mcx2Svc - ok
21:18:41.0178 0x1184  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:18:41.0191 0x1184  megasas - ok
21:18:41.0254 0x1184  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:18:41.0282 0x1184  MegaSR - ok
21:18:41.0330 0x1184  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:18:41.0352 0x1184  MEIx64 - ok
21:18:41.0399 0x1184  [ B1720E97FABBDF7D30B36DAF19C3DEE8, 93F82FDA8FFB801B823792F3BFAB587ECB1AECC06AE76B2007631A910F827C94 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
21:18:41.0426 0x1184  mfeapfk - ok
21:18:41.0551 0x1184  [ EF0F85EDBDF6C0AB467E88E0CEE2B346, 2A7322D58DADF093D4BEBDE6DD6B85EEC70FC5F40CA786774200B917D5BE0CEA ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
21:18:41.0596 0x1184  mfehidk - ok
21:18:41.0645 0x1184  [ 341BFCAA3A55C08E8C9ECB1654ACA905, C81D87320192730EC6BDA932EEAC300793070FDF4FB7D1B9EE083F47A357690C ] mfevtp          C:\Windows\system32\mfevtps.exe
21:18:41.0663 0x1184  mfevtp - ok
21:18:41.0717 0x1184  [ 2802D09F1B6ED502237539563F3C4992, C95C7C4880FB8435C828C85599035F00500BD85B363E0842B4719792125CB9FE ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
21:18:41.0753 0x1184  mfewfpk - ok
21:18:41.0775 0x1184  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:18:41.0840 0x1184  MMCSS - ok
21:18:41.0878 0x1184  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:18:41.0933 0x1184  Modem - ok
21:18:42.0012 0x1184  Modem Device Helper - ok
21:18:42.0040 0x1184  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:18:42.0105 0x1184  monitor - ok
21:18:42.0155 0x1184  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:18:42.0185 0x1184  mouclass - ok
21:18:42.0217 0x1184  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:18:42.0270 0x1184  mouhid - ok
21:18:42.0304 0x1184  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:18:42.0335 0x1184  mountmgr - ok
21:18:42.0361 0x1184  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:18:42.0379 0x1184  mpio - ok
21:18:42.0456 0x1184  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:18:42.0532 0x1184  mpsdrv - ok
21:18:42.0590 0x1184  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:18:42.0655 0x1184  MpsSvc - ok
21:18:42.0715 0x1184  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:18:42.0757 0x1184  MRxDAV - ok
21:18:42.0820 0x1184  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:18:42.0855 0x1184  mrxsmb - ok
21:18:43.0055 0x1184  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:18:43.0108 0x1184  mrxsmb10 - ok
21:18:43.0124 0x1184  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:18:43.0159 0x1184  mrxsmb20 - ok
21:18:43.0200 0x1184  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:18:43.0221 0x1184  msahci - ok
21:18:43.0257 0x1184  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:18:43.0272 0x1184  msdsm - ok
21:18:43.0289 0x1184  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:18:43.0316 0x1184  MSDTC - ok
21:18:43.0341 0x1184  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:18:43.0379 0x1184  Msfs - ok
21:18:43.0401 0x1184  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:18:43.0454 0x1184  mshidkmdf - ok
21:18:43.0470 0x1184  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:18:43.0482 0x1184  msisadrv - ok
21:18:43.0540 0x1184  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:18:43.0639 0x1184  MSiSCSI - ok
21:18:43.0643 0x1184  msiserver - ok
21:18:43.0665 0x1184  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:18:43.0733 0x1184  MSKSSRV - ok
21:18:43.0756 0x1184  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:18:43.0798 0x1184  MSPCLOCK - ok
21:18:43.0839 0x1184  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:18:43.0896 0x1184  MSPQM - ok
21:18:43.0930 0x1184  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:18:43.0954 0x1184  MsRPC - ok
21:18:44.0136 0x1184  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:18:44.0169 0x1184  mssmbios - ok
21:18:44.0203 0x1184  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:18:44.0423 0x1184  MSTEE - ok
21:18:44.0451 0x1184  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:18:44.0497 0x1184  MTConfig - ok
21:18:44.0523 0x1184  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:18:44.0543 0x1184  Mup - ok
21:18:44.0819 0x1184  [ 395278D3A1C559D864EAF788587C581C, E20CCE48D031316BBA003179B87A2027ECB8CC760D6D4298F8A7C40E2E22357E ] NanoServiceMain C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
21:18:44.0848 0x1184  NanoServiceMain - ok
21:18:45.0065 0x1184  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:18:45.0139 0x1184  napagent - ok
21:18:45.0187 0x1184  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:18:45.0235 0x1184  NativeWifiP - ok
21:18:45.0337 0x1184  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:18:45.0379 0x1184  NDIS - ok
21:18:45.0409 0x1184  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:18:45.0471 0x1184  NdisCap - ok
21:18:45.0514 0x1184  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:18:45.0581 0x1184  NdisTapi - ok
21:18:45.0595 0x1184  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:18:45.0652 0x1184  Ndisuio - ok
21:18:45.0685 0x1184  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:18:45.0749 0x1184  NdisWan - ok
21:18:45.0778 0x1184  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:18:45.0820 0x1184  NDProxy - ok
21:18:45.0832 0x1184  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:18:45.0873 0x1184  NetBIOS - ok
21:18:45.0889 0x1184  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:18:45.0932 0x1184  NetBT - ok
21:18:45.0955 0x1184  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon        C:\Windows\system32\lsass.exe
21:18:45.0969 0x1184  Netlogon - ok
21:18:46.0017 0x1184  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:18:46.0067 0x1184  Netman - ok
21:18:46.0122 0x1184  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:18:46.0158 0x1184  NetMsmqActivator - ok
21:18:46.0174 0x1184  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:18:46.0201 0x1184  NetPipeActivator - ok
21:18:46.0233 0x1184  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:18:46.0302 0x1184  netprofm - ok
21:18:46.0309 0x1184  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:18:46.0327 0x1184  NetTcpActivator - ok
21:18:46.0334 0x1184  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:18:46.0351 0x1184  NetTcpPortSharing - ok
21:18:46.0693 0x1184  [ AC69618DE5BCCE8747C9AB0AAE1003C1, D975963FA338AB58684BE0556633F3A846D5360FAD1A5E11BB7A273474DFB64D ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
21:18:46.0943 0x1184  NETwNs64 - ok
21:18:46.0989 0x1184  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:18:47.0003 0x1184  nfrd960 - ok
21:18:47.0058 0x1184  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:18:47.0115 0x1184  NlaSvc - ok
21:18:47.0192 0x1184  [ ACC47D60E202EBA0A8A80768EC5D3C97, 3A26BA0A97201B55151D649DBCF048E0D72A933D4DDBE5FD415AB772C7C6C250 ] NNSALPC         C:\Windows\system32\DRIVERS\NNSAlpc.sys
21:18:47.0227 0x1184  NNSALPC - ok
21:18:47.0279 0x1184  [ 4C7EAD79B914ADE44D68171AFEEF2AB3, 78D805FFC0DF4EB3D36B43CFD05CF7F5AFCC81B196224A09834EB17FA4D29838 ] NNSHTTP         C:\Windows\system32\DRIVERS\NNSHttp.sys
21:18:47.0306 0x1184  NNSHTTP - ok
21:18:47.0344 0x1184  [ B40C57451477334E8A66F4823BE04AE3, B3E52FA1570D569F2C40716ED925E3D588489DF37D9639E3BA5B5C0AAFE91543 ] NNSHTTPS        C:\Windows\system32\DRIVERS\NNSHttps.sys
21:18:47.0370 0x1184  NNSHTTPS - ok
21:18:47.0393 0x1184  [ 222CF23D6FCEB616CA48BBA55FC4D5C0, DB61FEA4126005A226E88FD6590BC57B440047DFAC6531B3C91AFFEFB0AD6F6C ] NNSIDS          C:\Windows\system32\DRIVERS\NNSIds.sys
21:18:47.0408 0x1184  NNSIDS - ok
21:18:47.0471 0x1184  [ 735143727C4438A72490A2432E7D5CEA, 23FE6DCAFCD7E2B63FA0F14BCBBEC0BCEA220D2BAAAA57FB6E9810C2758A93A7 ] NNSNAHSL        C:\Windows\system32\DRIVERS\NNSNAHSL.sys
21:18:47.0497 0x1184  NNSNAHSL - ok
21:18:47.0524 0x1184  [ C5332A1FB751B8D5FD9D424D330BC91B, B2FEBEA06252457FF87B74D693E75B29CCF6839EA6FFD60007996B23A6D80154 ] NNSPICC         C:\Windows\system32\DRIVERS\NNSPicc.sys
21:18:47.0540 0x1184  NNSPICC - ok
21:18:47.0581 0x1184  [ AA1A311C019288FFCCF3661B5EA27A99, BC91048E82C820CECBBDEDD9D9F7EDDBF6CBC88CE1D9C83A12C4A0E59CFAAC76 ] NNSPIHSW        C:\Windows\system32\DRIVERS\NNSPihsw.sys
21:18:47.0597 0x1184  NNSPIHSW - ok
21:18:47.0615 0x1184  [ EB153B4FA5200D1D3352D6C3FB7C9C38, 306805080F8FDB5D9299E93C7074F3B46F8E4B6623A3A75A83E98E6EB0E5BDC5 ] NNSPOP3         C:\Windows\system32\DRIVERS\NNSPop3.sys
21:18:47.0631 0x1184  NNSPOP3 - ok
21:18:47.0671 0x1184  [ 425356A7A3657174C206AA3FDB3DDD35, 9634D9A2271C57051BBEC58020082B4CCF2A6583B8FB3C6AC22E9C81728E10F8 ] NNSPROT         C:\Windows\system32\DRIVERS\NNSProt.sys
21:18:47.0691 0x1184  NNSPROT - ok
21:18:47.0715 0x1184  [ FFDF3257F83A094941005EE607B8A905, D3E676A13175D329E2F3677D9B56ED7B4DCDCE6794C96025171B24140B543EDC ] NNSPRV          C:\Windows\system32\DRIVERS\NNSPrv.sys
21:18:47.0731 0x1184  NNSPRV - ok
21:18:47.0754 0x1184  [ DE87A11CB1767ABDDE223D4CC0F7C221, 3D24BC83E4D88174CA08281C0B3E3E7BC44218F4C6950D28D37029AE39F68E50 ] NNSSMTP         C:\Windows\system32\DRIVERS\NNSSmtp.sys
21:18:47.0770 0x1184  NNSSMTP - ok
21:18:47.0799 0x1184  [ 537FB2F711E65475562FE29877F108E1, D2B486CBF3D4CF4AB5D6CCF34CAA57725C3027A2C3E0A1CF628D33546ACBF072 ] NNSSTRM         C:\Windows\system32\DRIVERS\NNSStrm.sys
21:18:47.0821 0x1184  NNSSTRM - ok
21:18:47.0866 0x1184  [ 4F37DC4420A00BC6E9D22E3590806BFC, C65CEE11AFA68F9B870FB256AB53A04C32C1F73F6F4F209944815CC96F8FEB17 ] NNSTLSC         C:\Windows\system32\DRIVERS\NNSTlsc.sys
21:18:47.0882 0x1184  NNSTLSC - ok
21:18:47.0907 0x1184  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:18:47.0972 0x1184  Npfs - ok
21:18:48.0017 0x1184  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:18:48.0076 0x1184  nsi - ok
21:18:48.0111 0x1184  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:18:48.0168 0x1184  nsiproxy - ok
21:18:48.0292 0x1184  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:18:48.0351 0x1184  Ntfs - ok
21:18:48.0367 0x1184  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:18:48.0434 0x1184  Null - ok
21:18:48.0464 0x1184  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:18:48.0479 0x1184  nvraid - ok
21:18:48.0523 0x1184  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:18:48.0552 0x1184  nvstor - ok
21:18:48.0581 0x1184  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:18:48.0598 0x1184  nv_agp - ok
21:18:48.0720 0x1184  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:18:48.0747 0x1184  odserv - ok
21:18:48.0780 0x1184  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:18:48.0816 0x1184  ohci1394 - ok
21:18:48.0875 0x1184  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:18:48.0890 0x1184  ose - ok
21:18:48.0924 0x1184  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:18:48.0982 0x1184  p2pimsvc - ok
21:18:49.0021 0x1184  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:18:49.0048 0x1184  p2psvc - ok
21:18:49.0116 0x1184  [ 742FC7886B2F155317723F1D6B045F94, BCB0DC50A64423973694DD35A270C6C9F4BB5A0A0819ECA0287B8BB9458DB137 ] PandaAgent      C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
21:18:49.0137 0x1184  PandaAgent - ok
21:18:49.0186 0x1184  panda_url_filtering - ok
21:18:49.0239 0x1184  [ 6925454E20B184E482CD65F297D51DB5, 9386542E9B20C370FCB275C7F8005DAD45C86BBC2F7B8DB3552FA49B474C5EED ] panda_url_filteringd C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys
21:18:49.0269 0x1184  panda_url_filteringd - ok
21:18:49.0301 0x1184  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:18:49.0343 0x1184  Parport - ok
21:18:49.0380 0x1184  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:18:49.0394 0x1184  partmgr - ok
21:18:49.0431 0x1184  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:18:49.0466 0x1184  PcaSvc - ok
21:18:49.0488 0x1184  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:18:49.0506 0x1184  pci - ok
21:18:49.0528 0x1184  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:18:49.0540 0x1184  pciide - ok
21:18:49.0560 0x1184  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:18:49.0578 0x1184  pcmcia - ok
21:18:49.0599 0x1184  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:18:49.0612 0x1184  pcw - ok
21:18:49.0645 0x1184  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:18:49.0721 0x1184  PEAUTH - ok
21:18:49.0808 0x1184  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:18:49.0840 0x1184  PerfHost - ok
21:18:49.0921 0x1184  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:18:50.0008 0x1184  pla - ok
21:18:50.0075 0x1184  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:18:50.0126 0x1184  PlugPlay - ok
21:18:50.0146 0x1184  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:18:50.0182 0x1184  PNRPAutoReg - ok
21:18:50.0222 0x1184  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:18:50.0245 0x1184  PNRPsvc - ok
21:18:50.0280 0x1184  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:18:50.0330 0x1184  PolicyAgent - ok
21:18:50.0367 0x1184  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
21:18:50.0418 0x1184  Power - ok
21:18:50.0462 0x1184  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:18:50.0522 0x1184  PptpMiniport - ok
21:18:50.0585 0x1184  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:18:50.0713 0x1184  Processor - ok
21:18:50.0980 0x1184  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:18:51.0226 0x1184  ProfSvc - ok
21:18:51.0469 0x1184  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:18:51.0506 0x1184  ProtectedStorage - ok
21:18:51.0538 0x1184  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:18:51.0590 0x1184  Psched - ok
21:18:51.0681 0x1184  [ ABF42AF66C50E3FBAD2280020360920E, 0F2FB1C117DE989AB615D673B09B5DACC1592ED895505F1880EAA09788E0E3E1 ] PSINAflt        C:\Windows\system32\DRIVERS\PSINAflt.sys
21:18:51.0712 0x1184  PSINAflt - ok
21:18:51.0759 0x1184  [ 54C28488E5F038B29E2D80DBFC910666, 5386D279375DC737E3E3FBE6576B8C97D2346ED98061CBA1982C09832FDF9E78 ] PSINFile        C:\Windows\system32\DRIVERS\PSINFile.sys
21:18:51.0790 0x1184  PSINFile - ok
21:18:51.0815 0x1184  [ 305FCF2F725B806BC5E69AC95340A271, FCA0EF28DE5F4DAF8E3E4BB70C7668A0E1990CC080D52BA711DFB9CC5C369230 ] PSINKNC         C:\Windows\system32\DRIVERS\psinknc.sys
21:18:51.0835 0x1184  PSINKNC - ok
21:18:51.0875 0x1184  [ ED6B1CDE5B178B057F64B2AF682EB45A, BDD46380BF51A48982E81F1D5EDAC2D9B16D2C03E886144279F4505ADA247EE2 ] PSINProc        C:\Windows\system32\DRIVERS\PSINProc.sys
21:18:51.0892 0x1184  PSINProc - ok
21:18:51.0954 0x1184  [ 171F1C6F49142F2D1C174B817F46EC0F, 96F6B021CBEA2F0787A01E323EED626B380DAD13FC91EE4552F4DEEEC95DBD2C ] PSINProt        C:\Windows\system32\DRIVERS\PSINProt.sys
21:18:51.0985 0x1184  PSINProt - ok
21:18:52.0021 0x1184  [ 6A19A5665FBE15D63046B20BB0BFD7AB, 45EBDAD1E5CF5747EB5600F74969123428094E7FAC68CAE29AF02E31FFC3FB8D ] PSINReg         C:\Windows\system32\DRIVERS\PSINReg.sys
21:18:52.0041 0x1184  PSINReg - ok
21:18:52.0120 0x1184  [ 105ACC469DF34C8BD0D5E68A70C774E5, 983A759339E058AAE779EB9476EC2AEE8B379F0C60E5E2FD73826155827F5518 ] PSKMAD          C:\Windows\system32\DRIVERS\PSKMAD.sys
21:18:52.0148 0x1184  PSKMAD - ok
21:18:52.0198 0x1184  [ CAB0E7856EA9AB97E270E53AE0833EA6, E73C77578F6FFD8B4A3E4BD198EE3795C9A65567D8894F14136804393EBA7A61 ] PSUAService     C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
21:18:52.0221 0x1184  PSUAService - ok
21:18:52.0296 0x1184  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:18:52.0350 0x1184  ql2300 - ok
21:18:52.0389 0x1184  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:18:52.0405 0x1184  ql40xx - ok
21:18:52.0437 0x1184  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:18:52.0463 0x1184  QWAVE - ok
21:18:52.0479 0x1184  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:18:52.0498 0x1184  QWAVEdrv - ok
21:18:52.0508 0x1184  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:18:52.0566 0x1184  RasAcd - ok
21:18:52.0609 0x1184  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:18:52.0661 0x1184  RasAgileVpn - ok
21:18:52.0678 0x1184  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:18:52.0741 0x1184  RasAuto - ok
21:18:52.0786 0x1184  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:18:52.0828 0x1184  Rasl2tp - ok
21:18:52.0855 0x1184  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:18:52.0924 0x1184  RasMan - ok
21:18:52.0951 0x1184  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:18:53.0008 0x1184  RasPppoe - ok
21:18:53.0035 0x1184  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:18:53.0087 0x1184  RasSstp - ok
21:18:53.0111 0x1184  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:18:53.0169 0x1184  rdbss - ok
21:18:53.0188 0x1184  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:18:53.0212 0x1184  rdpbus - ok
21:18:53.0239 0x1184  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:18:53.0277 0x1184  RDPCDD - ok
21:18:53.0296 0x1184  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:18:53.0333 0x1184  RDPENCDD - ok
21:18:53.0351 0x1184  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:18:53.0403 0x1184  RDPREFMP - ok
21:18:53.0494 0x1184  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:18:53.0526 0x1184  RdpVideoMiniport - ok
21:18:53.0566 0x1184  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:18:53.0605 0x1184  RDPWD - ok
21:18:53.0652 0x1184  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:18:53.0672 0x1184  rdyboost - ok
21:18:53.0711 0x1184  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:18:53.0781 0x1184  RemoteAccess - ok
21:18:53.0803 0x1184  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:18:53.0853 0x1184  RemoteRegistry - ok
21:18:53.0931 0x1184  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:18:54.0004 0x1184  RFCOMM - ok
21:18:54.0024 0x1184  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:18:54.0082 0x1184  RpcEptMapper - ok
21:18:54.0102 0x1184  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:18:54.0118 0x1184  RpcLocator - ok
21:18:54.0151 0x1184  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
21:18:54.0202 0x1184  RpcSs - ok
21:18:54.0252 0x1184  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:18:54.0318 0x1184  rspndr - ok
21:18:54.0404 0x1184  [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:18:54.0436 0x1184  RTL8167 - ok
21:18:54.0452 0x1184  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs           C:\Windows\system32\lsass.exe
21:18:54.0466 0x1184  SamSs - ok
21:18:54.0483 0x1184  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:18:54.0497 0x1184  sbp2port - ok
21:18:54.0527 0x1184  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:18:54.0570 0x1184  SCardSvr - ok
21:18:54.0587 0x1184  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:18:54.0638 0x1184  scfilter - ok
21:18:54.0691 0x1184  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
21:18:54.0767 0x1184  Schedule - ok
21:18:54.0794 0x1184  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:18:54.0832 0x1184  SCPolicySvc - ok
21:18:54.0868 0x1184  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:18:54.0889 0x1184  SDRSVC - ok
21:18:54.0929 0x1184  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:18:54.0967 0x1184  secdrv - ok
21:18:54.0981 0x1184  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
21:18:55.0019 0x1184  seclogon - ok
21:18:55.0036 0x1184  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:18:55.0076 0x1184  SENS - ok
21:18:55.0088 0x1184  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:18:55.0124 0x1184  SensrSvc - ok
21:18:55.0147 0x1184  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:18:55.0161 0x1184  Serenum - ok
21:18:55.0199 0x1184  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
21:18:55.0217 0x1184  Serial - ok
21:18:55.0241 0x1184  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:18:55.0277 0x1184  sermouse - ok
21:18:55.0313 0x1184  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:18:55.0356 0x1184  SessionEnv - ok
21:18:55.0374 0x1184  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:18:55.0392 0x1184  sffdisk - ok
21:18:55.0397 0x1184  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:18:55.0414 0x1184  sffp_mmc - ok
21:18:55.0426 0x1184  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:18:55.0443 0x1184  sffp_sd - ok
21:18:55.0450 0x1184  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:18:55.0483 0x1184  sfloppy - ok
21:18:55.0528 0x1184  [ 2FE1CD3AA602414841DB10AD96C95A5E, 1A2489DF37C13B578E69AA0D3D5DB3627C77750C45D78BB2872E29DD10253326 ] SGDrv           C:\Windows\system32\DRIVERS\SGdrv64.sys
21:18:55.0541 0x1184  SGDrv - ok
21:18:55.0576 0x1184  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:18:55.0637 0x1184  SharedAccess - ok
21:18:55.0668 0x1184  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:18:55.0725 0x1184  ShellHWDetection - ok
21:18:55.0757 0x1184  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:18:55.0770 0x1184  SiSRaid2 - ok
21:18:55.0787 0x1184  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:18:55.0800 0x1184  SiSRaid4 - ok
21:18:55.0919 0x1184  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:18:55.0951 0x1184  SkypeUpdate - ok
21:18:55.0990 0x1184  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:18:56.0029 0x1184  Smb - ok
21:18:56.0081 0x1184  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:18:56.0097 0x1184  SNMPTRAP - ok
21:18:56.0132 0x1184  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:18:56.0163 0x1184  spldr - ok
21:18:56.0216 0x1184  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:18:56.0246 0x1184  Spooler - ok
21:18:56.0389 0x1184  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:18:56.0632 0x1184  sppsvc - ok
21:18:56.0717 0x1184  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:18:56.0931 0x1184  sppuinotify - ok
21:18:56.0992 0x1184  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:18:57.0057 0x1184  srv - ok
21:18:57.0108 0x1184  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:18:57.0170 0x1184  srv2 - ok
21:18:57.0191 0x1184  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:18:57.0212 0x1184  srvnet - ok
21:18:57.0257 0x1184  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:18:57.0301 0x1184  SSDPSRV - ok
21:18:57.0330 0x1184  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:18:57.0378 0x1184  SstpSvc - ok
21:18:57.0402 0x1184  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:18:57.0414 0x1184  stexstor - ok
21:18:57.0487 0x1184  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:18:57.0530 0x1184  stisvc - ok
21:18:57.0545 0x1184  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:18:57.0557 0x1184  swenum - ok
21:18:57.0594 0x1184  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:18:57.0646 0x1184  swprv - ok
21:18:57.0722 0x1184  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
21:18:57.0789 0x1184  SysMain - ok
21:18:57.0821 0x1184  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:18:57.0867 0x1184  TabletInputService - ok
21:18:57.0896 0x1184  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:18:57.0941 0x1184  TapiSrv - ok
21:18:57.0958 0x1184  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
21:18:57.0998 0x1184  TBS - ok
21:18:58.0119 0x1184  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:18:58.0183 0x1184  Tcpip - ok
21:18:58.0254 0x1184  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:18:58.0316 0x1184  TCPIP6 - ok
21:18:58.0353 0x1184  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:18:58.0386 0x1184  tcpipreg - ok
21:18:58.0414 0x1184  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:18:58.0429 0x1184  TDPIPE - ok
21:18:58.0446 0x1184  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:18:58.0477 0x1184  TDTCP - ok
21:18:58.0520 0x1184  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:18:58.0538 0x1184  tdx - ok
21:18:58.0558 0x1184  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:18:58.0573 0x1184  TermDD - ok
21:18:58.0626 0x1184  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
21:18:58.0661 0x1184  TermService - ok
21:18:58.0691 0x1184  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:18:58.0726 0x1184  Themes - ok
21:18:58.0748 0x1184  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:18:58.0788 0x1184  THREADORDER - ok
21:18:58.0808 0x1184  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:18:58.0850 0x1184  TrkWks - ok
21:18:58.0909 0x1184  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:18:58.0970 0x1184  TrustedInstaller - ok
21:18:59.0001 0x1184  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:18:59.0015 0x1184  tssecsrv - ok
21:18:59.0070 0x1184  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:18:59.0086 0x1184  TsUsbFlt - ok
21:18:59.0122 0x1184  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:18:59.0162 0x1184  TsUsbGD - ok
21:18:59.0218 0x1184  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:18:59.0323 0x1184  tunnel - ok
21:18:59.0348 0x1184  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:18:59.0361 0x1184  uagp35 - ok
21:18:59.0386 0x1184  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:18:59.0451 0x1184  udfs - ok
21:18:59.0490 0x1184  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:18:59.0524 0x1184  UI0Detect - ok
21:18:59.0552 0x1184  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:18:59.0569 0x1184  uliagpkx - ok
21:18:59.0594 0x1184  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:18:59.0614 0x1184  umbus - ok
21:18:59.0633 0x1184  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:18:59.0651 0x1184  UmPass - ok
21:18:59.0695 0x1184  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:18:59.0757 0x1184  upnphost - ok
21:18:59.0795 0x1184  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:18:59.0810 0x1184  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
21:19:02.0414 0x1184  Detect skipped due to KSN trusted
21:19:02.0414 0x1184  USBAAPL64 - ok
21:19:02.0465 0x1184  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:19:02.0521 0x1184  usbccgp - ok
21:19:02.0569 0x1184  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:19:02.0592 0x1184  usbcir - ok
21:19:02.0629 0x1184  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:19:02.0651 0x1184  usbehci - ok
21:19:02.0726 0x1184  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:19:02.0775 0x1184  usbhub - ok
21:19:02.0811 0x1184  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:19:02.0828 0x1184  usbohci - ok
21:19:02.0846 0x1184  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:19:02.0886 0x1184  usbprint - ok
21:19:02.0930 0x1184  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:19:02.0969 0x1184  USBSTOR - ok
21:19:03.0000 0x1184  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:19:03.0018 0x1184  usbuhci - ok
21:19:03.0060 0x1184  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:19:03.0080 0x1184  usbvideo - ok
21:19:03.0113 0x1184  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:19:03.0155 0x1184  UxSms - ok
21:19:03.0172 0x1184  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc        C:\Windows\system32\lsass.exe
21:19:03.0187 0x1184  VaultSvc - ok
21:19:03.0217 0x1184  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:19:03.0231 0x1184  vdrvroot - ok
21:19:03.0265 0x1184  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:19:03.0320 0x1184  vds - ok
21:19:03.0334 0x1184  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:19:03.0353 0x1184  vga - ok
21:19:03.0368 0x1184  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:19:03.0420 0x1184  VgaSave - ok
21:19:03.0430 0x1184  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:19:03.0448 0x1184  vhdmp - ok
21:19:03.0475 0x1184  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:19:03.0487 0x1184  viaide - ok
21:19:03.0508 0x1184  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:19:03.0521 0x1184  volmgr - ok
21:19:03.0550 0x1184  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:19:03.0572 0x1184  volmgrx - ok
21:19:03.0596 0x1184  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:19:03.0616 0x1184  volsnap - ok
21:19:03.0641 0x1184  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:19:03.0658 0x1184  vsmraid - ok
21:19:03.0774 0x1184  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:19:03.0857 0x1184  VSS - ok
21:19:03.0878 0x1184  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:19:03.0917 0x1184  vwifibus - ok
21:19:03.0955 0x1184  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:19:03.0995 0x1184  vwififlt - ok
21:19:04.0024 0x1184  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:19:04.0088 0x1184  vwifimp - ok
21:19:04.0149 0x1184  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:19:04.0206 0x1184  W32Time - ok
21:19:04.0233 0x1184  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:19:04.0261 0x1184  WacomPen - ok
21:19:04.0305 0x1184  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:19:04.0356 0x1184  WANARP - ok
21:19:04.0362 0x1184  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:19:04.0402 0x1184  Wanarpv6 - ok
21:19:04.0519 0x1184  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:19:04.0578 0x1184  WatAdminSvc - ok
21:19:04.0649 0x1184  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:19:04.0728 0x1184  wbengine - ok
21:19:04.0760 0x1184  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:19:04.0786 0x1184  WbioSrvc - ok
21:19:04.0812 0x1184  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:19:04.0932 0x1184  wcncsvc - ok
21:19:04.0965 0x1184  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:19:04.0981 0x1184  WcsPlugInService - ok
21:19:05.0033 0x1184  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:19:05.0057 0x1184  Wd - ok
21:19:05.0151 0x1184  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:19:05.0192 0x1184  Wdf01000 - ok
21:19:05.0229 0x1184  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:19:05.0254 0x1184  WdiServiceHost - ok
21:19:05.0260 0x1184  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:19:05.0283 0x1184  WdiSystemHost - ok
21:19:05.0327 0x1184  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
21:19:05.0350 0x1184  WebClient - ok
21:19:05.0382 0x1184  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:19:05.0426 0x1184  Wecsvc - ok
21:19:05.0448 0x1184  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:19:05.0489 0x1184  wercplsupport - ok
21:19:05.0512 0x1184  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:19:05.0576 0x1184  WerSvc - ok
21:19:05.0629 0x1184  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:19:05.0670 0x1184  WfpLwf - ok
21:19:05.0687 0x1184  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:19:05.0698 0x1184  WIMMount - ok
21:19:05.0730 0x1184  WinDefend - ok
21:19:05.0739 0x1184  WinHttpAutoProxySvc - ok
21:19:05.0812 0x1184  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:19:05.0871 0x1184  Winmgmt - ok
21:19:05.0966 0x1184  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
21:19:06.0038 0x1184  WinRM - ok
21:19:06.0089 0x1184  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:19:06.0106 0x1184  WinUsb - ok
21:19:06.0166 0x1184  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:19:06.0237 0x1184  Wlansvc - ok
21:19:06.0263 0x1184  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:19:06.0278 0x1184  WmiAcpi - ok
21:19:06.0309 0x1184  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:19:06.0329 0x1184  wmiApSrv - ok
21:19:06.0353 0x1184  WMPNetworkSvc - ok
21:19:06.0383 0x1184  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:19:06.0410 0x1184  WPCSvc - ok
21:19:06.0432 0x1184  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:19:06.0452 0x1184  WPDBusEnum - ok
21:19:06.0471 0x1184  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:19:06.0528 0x1184  ws2ifsl - ok
21:19:06.0555 0x1184  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:19:06.0579 0x1184  wscsvc - ok
21:19:06.0583 0x1184  WSearch - ok
21:19:06.0728 0x1184  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:19:06.0810 0x1184  wuauserv - ok
21:19:06.0846 0x1184  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:19:06.0863 0x1184  WudfPf - ok
21:19:06.0924 0x1184  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:19:06.0943 0x1184  WUDFRd - ok
21:19:06.0978 0x1184  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:19:06.0995 0x1184  wudfsvc - ok
21:19:07.0095 0x1184  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:19:07.0171 0x1184  WwanSvc - ok
21:19:07.0357 0x1184  ================ Scan global ===============================
21:19:07.0375 0x1184  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:19:07.0411 0x1184  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:19:07.0428 0x1184  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:19:07.0467 0x1184  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:19:07.0517 0x1184  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:19:07.0537 0x1184  [ Global ] - ok
21:19:07.0537 0x1184  ================ Scan MBR ==================================
21:19:07.0545 0x1184  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:19:07.0837 0x1184  \Device\Harddisk0\DR0 - ok
21:19:07.0838 0x1184  ================ Scan VBR ==================================
21:19:07.0843 0x1184  [ 855EB24A97E9B564DCAA70F0B186A44C ] \Device\Harddisk0\DR0\Partition1
21:19:07.0846 0x1184  \Device\Harddisk0\DR0\Partition1 - ok
21:19:07.0847 0x1184  ================ Scan generic autorun ======================
21:19:07.0902 0x1184  [ 5435F95E21800127299CFAE29446F256, 2E6C074467E3A8A77BF8FE95C410E5880F88063A27990365671ED9E71820AF78 ] C:\Windows\system32\igfxtray.exe
21:19:07.0927 0x1184  IgfxTray - ok
21:19:07.0961 0x1184  [ 1D625FCDF466B0146F150FEFFA2FA58B, 35EC4369B9D864F56B1CBF6D864176EE73A344A90389C0C12D485B6F4710D864 ] C:\Windows\system32\hkcmd.exe
21:19:07.0983 0x1184  HotKeysCmds - ok
21:19:08.0012 0x1184  [ EDBBBD6DF695833A33AD1B76DA923F00, 22B675B5413F76B8496480AC2508E08CAEBCDF235600694D7D016F448A969F29 ] C:\Windows\system32\igfxpers.exe
21:19:08.0034 0x1184  Persistence - ok
21:19:08.0179 0x1184  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:19:08.0218 0x1184  Adobe ARM - ok
21:19:08.0317 0x1184  [ 645CC5E693E6B4145072925D45DFF040, 351571D0A197A121F3AA2DA2EE1B66DA1D1554456A5347BD815EF947F5237B08 ] C:\Program Files (x86)\T-Mobile\ConnectionManager\Background\ModemListener.exe
21:19:08.0354 0x1184  T-Mobile ModemListener - detected UnsignedFile.Multi.Generic ( 1 )
21:19:11.0276 0x1184  Detect skipped due to KSN trusted
21:19:11.0276 0x1184  T-Mobile ModemListener - ok
21:19:11.0330 0x1184  [ 273C4436D232B27AFD8DF3BAF148D932, 62D52E7D215086D1F9CD51ECB10976C9C4EFE1A4BB4C74E57CE6C8DE16A4BAA8 ] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
21:19:11.0359 0x1184  PSUAMain - ok
21:19:11.0474 0x1184  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:19:11.0520 0x1184  Sidebar - ok
21:19:11.0551 0x1184  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:19:11.0575 0x1184  mctadmin - ok
21:19:11.0611 0x1184  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:19:11.0657 0x1184  Sidebar - ok
21:19:11.0665 0x1184  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:19:11.0687 0x1184  mctadmin - ok
21:19:11.0851 0x1184  [ 50EDBF0A77FF618FC4223B73658B0B9D, 46A86A078CF9A6E95D9C1F534FCD69C28534B7CBD1ED896D75BC7B663B525980 ] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
21:19:11.0944 0x1184  DAEMON Tools Pro Agent - ok
21:19:12.0080 0x1184  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
21:19:12.0134 0x1184  Sidebar - ok
21:19:12.0197 0x1184  Skype - ok
21:19:12.0748 0x1184  [ B2BAE2D76FBE9FDC3F6E0D1F886DF367, 964EBF736891BE252C68FCE1F9EAD5E60E6E0C2119D21C6DF49FBD30FBB678EF ] C:\Program Files\CCleaner\CCleaner64.exe
21:19:12.0963 0x1184  CCleaner Monitoring - ok
21:19:12.0979 0x1184  Waiting for KSN requests completion. In queue: 68
21:19:13.0979 0x1184  Waiting for KSN requests completion. In queue: 68
21:19:14.0979 0x1184  Waiting for KSN requests completion. In queue: 68
21:19:16.0017 0x1184  AV detected via SS2: Panda Free Antivirus, C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe ( 1.0.0.0 ), 0x71000 ( enabled : updated )
21:19:16.0020 0x1184  FW detected via SS2: Panda Firewall, C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe ( 1.0.0.0 ), 0x70010 ( disabled )
21:19:16.0027 0x1184  Win FW state via NFP2: enabled
21:19:18.0576 0x1184  ============================================================
21:19:18.0576 0x1184  Scan finished
21:19:18.0576 0x1184  ============================================================
21:19:18.0599 0x02d0  Detected object count: 0
21:19:18.0599 0x02d0  Actual detected object count: 0
 



 


#2 Starbuck



  • Malware Response Team

Posted 06 March 2015 - 03:42 PM

Hi Joana and welcome to BC.

We need to get a better look at your system to determine the problem.

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is, click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

  • When the tool opens click Yes to disclaimer.

  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Both reports from FRST.


Thanks.



#3 JoanaV

  • Topic Starter


Posted 08 March 2015 - 05:05 AM

Here you are 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Joanna (administrator) on JOANNA-PC on 08-03-2015 10:02:20
Running from C:\Users\Joanna\Downloads
Loaded Profiles: Joanna (Available profiles: Joanna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\T-Mobile\ConnectionManager\BackgroundService\ServiceManager.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\T-Mobile\ConnectionManager\Background\ModemListener.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [T-Mobile ModemListener] => C:\Program Files (x86)\T-Mobile\ConnectionManager\Background\ModemListener.exe [114552 2012-12-05] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\MountPoints2: {4a611d6e-bb03-11e1-822e-b8030529456d} - F:\AutoRun.exe
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\MountPoints2: {737e3473-e003-11e1-b3d2-b8030529456d} - F:\AutoRun.exe
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\MountPoints2: {801bf87d-b6fc-11e1-980a-b8030529456d} - F:\AutoRun.exe
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\MountPoints2: {801bf893-b6fc-11e1-980a-b8030529456d} - F:\AutoRun.exe
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\MountPoints2: {ae62e1d4-cbae-11e2-8748-b8030529456d} - F:\AutoRun.exe
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\MountPoints2: {b6b03bb7-e1b1-11e2-bfdc-b8030529456d} - F:\Autorun.exe
SSODL: EldosMountNotificator-cbfs5 - {EC1AF51C-B71C-46AD-8474-10CBE77EBFAD} -  No File
SSODL-x32: EldosMountNotificator-cbfs5 - {EC1AF51C-B71C-46AD-8474-10CBE77EBFAD} -  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [BitcasaBadFileOverlay] -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaMirrorOverlay] -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaNotMirrored] -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {27E14B49-557F-4FE4-BA5E-93EAE1FF230D} =>  No File
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {27E14B49-557F-4FE4-BA5E-93EAE1FF230D} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> 9972D3AF9C4841C4AA718B96CAFC8990 URL = http://search.babylon.com/?q={searchTerms}&affID=117065&tt=0213_3&babsrc=SP_ss&mntrId=6ef4c22b000000000000e8039a91d713
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> {1F05F07A-84CC-4929-BB4D-6B9E1412F683} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQJCZ1QOC&i=26
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-02-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-02-16] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2014-03-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2014-03-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-03-19]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-03-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-04]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
 
Chrome: 
=======
CHR Profile: C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-12]
CHR Extension: (Google Drive) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-12]
CHR Extension: (YouTube) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-12]
CHR Extension: (Adblock Plus) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-12]
CHR Extension: (No Name) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-12]
CHR Extension: (AdBlock) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-12]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 Modem Device Helper; C:\Program Files (x86)\T-Mobile\ConnectionManager\BackgroundService\ServiceManager.exe [51576 2012-12-04] () [File not signed]
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [296760 2014-09-19] (Panda Security)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 GLOBUL Connection Manager. RunOuc; C:\Program Files (x86)\GLOBUL Connection Manager\UpdateDog\ouc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2012-12-04] (Windows ® Codename Longhorn DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-03] (DT Soft Ltd)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2012-12-04] (TCT International Mobile Ltd)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S1 cbfs5; \??\C:\Windows\system32\drivers\cbfs5.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 10:02 - 2015-03-08 10:02 - 00019311 _____ () C:\Users\Joanna\Downloads\FRST.txt
2015-03-08 10:02 - 2015-03-08 10:02 - 00000000 ____D () C:\FRST
2015-03-08 10:01 - 2015-03-08 10:01 - 02094592 _____ (Farbar) C:\Users\Joanna\Downloads\FRST64.exe
2015-03-03 19:47 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 19:47 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 19:47 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 19:47 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 09:24 - 2015-03-07 22:32 - 00000560 _____ () C:\Windows\setupact.log
2015-03-02 09:24 - 2015-03-02 09:24 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-26 09:44 - 2015-01-08 23:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 09:44 - 2015-01-08 23:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-21 21:37 - 2014-03-25 13:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-02-19 20:42 - 2015-02-19 20:42 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Sublime Text 2
2015-02-15 20:43 - 2015-02-15 20:43 - 00032821 _____ () C:\Users\Joanna\Downloads\view.htm
2015-02-11 17:08 - 2015-01-23 04:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 17:08 - 2015-01-23 04:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:08 - 2015-01-23 03:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 17:08 - 2015-01-23 03:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 20:43 - 2015-02-04 03:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 20:43 - 2015-02-04 03:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 20:43 - 2015-02-04 03:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 20:43 - 2015-02-04 03:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 20:43 - 2015-02-04 03:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 20:43 - 2015-02-04 03:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 20:43 - 2015-02-04 03:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 20:43 - 2015-01-27 23:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 20:43 - 2015-01-10 06:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 20:43 - 2015-01-10 06:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 20:43 - 2015-01-10 06:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 20:43 - 2015-01-10 06:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 20:43 - 2015-01-10 06:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 20:43 - 2015-01-10 06:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 20:43 - 2015-01-10 06:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 20:43 - 2015-01-10 06:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 20:43 - 2015-01-10 06:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 20:43 - 2015-01-10 06:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 20:43 - 2015-01-10 06:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 20:43 - 2015-01-10 06:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 20:43 - 2015-01-10 06:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 20:43 - 2015-01-10 06:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 20:42 - 2015-01-12 02:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 20:42 - 2015-01-12 02:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 20:42 - 2015-01-12 02:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 20:42 - 2015-01-12 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 20:42 - 2015-01-12 01:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 20:42 - 2015-01-12 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 20:41 - 2015-01-14 05:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 20:41 - 2015-01-14 05:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 20:41 - 2015-01-12 03:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 20:41 - 2015-01-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 20:41 - 2015-01-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 20:41 - 2015-01-12 02:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 20:41 - 2015-01-12 02:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 20:41 - 2015-01-12 02:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 20:41 - 2015-01-12 02:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 20:41 - 2015-01-12 02:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 20:41 - 2015-01-12 02:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 20:41 - 2015-01-12 02:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 20:41 - 2015-01-12 02:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 20:41 - 2015-01-12 02:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 20:41 - 2015-01-12 02:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 20:41 - 2015-01-12 02:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 20:41 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 20:41 - 2015-01-12 02:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 20:41 - 2015-01-12 02:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 20:41 - 2015-01-12 02:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 20:41 - 2015-01-12 02:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 20:41 - 2015-01-12 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 20:41 - 2015-01-12 02:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 20:41 - 2015-01-12 02:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 20:41 - 2015-01-12 02:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 20:41 - 2015-01-12 01:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 20:41 - 2015-01-12 01:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 20:41 - 2015-01-12 01:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 20:41 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 20:41 - 2015-01-12 01:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 20:41 - 2015-01-12 01:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 20:41 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 20:41 - 2015-01-12 01:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 20:41 - 2015-01-12 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 20:41 - 2015-01-12 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 20:41 - 2015-01-12 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 20:41 - 2015-01-12 01:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 20:41 - 2015-01-12 01:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 20:41 - 2015-01-12 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 20:41 - 2015-01-12 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 20:41 - 2015-01-12 01:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 20:41 - 2015-01-12 01:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 20:41 - 2015-01-12 01:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 20:41 - 2015-01-12 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 20:41 - 2015-01-12 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 20:41 - 2015-01-12 00:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 20:40 - 2015-01-13 03:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 20:40 - 2015-01-13 02:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 20:39 - 2015-01-15 08:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 20:39 - 2015-01-15 08:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 20:39 - 2015-01-15 08:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 20:39 - 2015-01-15 08:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 20:39 - 2015-01-15 08:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 20:39 - 2015-01-15 08:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 20:39 - 2015-01-15 08:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 20:39 - 2015-01-15 08:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 20:39 - 2015-01-15 08:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 20:39 - 2015-01-15 08:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 20:39 - 2015-01-15 08:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 20:39 - 2015-01-15 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 20:39 - 2015-01-15 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 20:39 - 2015-01-15 07:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 20:39 - 2015-01-15 07:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 20:39 - 2015-01-15 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 20:39 - 2015-01-15 07:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 20:39 - 2015-01-15 04:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 20:38 - 2014-12-12 05:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 20:38 - 2014-12-12 05:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 20:38 - 2014-11-26 03:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 20:38 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 20:38 - 2014-07-07 02:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 20:38 - 2014-07-07 02:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 20:38 - 2014-07-07 01:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 20:38 - 2014-07-07 01:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 20:36 - 2015-01-14 06:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 20:36 - 2014-12-08 03:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 20:36 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 20:35 - 2015-01-14 06:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 20:35 - 2015-01-14 06:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 20:35 - 2015-01-14 05:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 20:35 - 2015-01-14 05:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 20:34 - 2015-01-14 06:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 20:34 - 2015-01-14 05:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 20:32 - 2015-01-09 02:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-06 10:20 - 2015-02-06 10:20 - 00000000 ____D () C:\ed82d38776cb589e31a7fec99a7d
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 10:01 - 2012-06-15 16:12 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\Skype
2015-03-08 09:53 - 2015-01-22 00:11 - 01872542 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 09:39 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 09:12 - 2012-06-03 04:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 09:07 - 2012-06-03 04:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 22:46 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 22:45 - 2009-07-14 05:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-07 22:40 - 2009-07-14 04:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 22:40 - 2009-07-14 04:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 21:30 - 2015-01-14 00:00 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-03-04 11:27 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing
2015-03-04 00:11 - 2013-09-21 09:20 - 00000000 ____D () C:\UNIVERSITY
2015-03-02 09:34 - 2014-12-13 23:12 - 00000000 ____D () C:\Users\Joanna\AppData\Local\CrashDumps
2015-02-26 17:10 - 2013-06-09 23:17 - 00000000 ____D () C:\Windows\Minidump
2015-02-24 08:47 - 2012-05-24 18:42 - 00000000 ____D () C:\Users\Joanna
2015-02-24 03:17 - 2010-11-21 03:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-19 15:26 - 2014-12-23 00:11 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-14 00:26 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 12:56 - 2012-05-24 21:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 03:53 - 2009-07-14 04:45 - 00350896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 03:50 - 2014-12-10 23:24 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 03:50 - 2014-05-06 15:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 03:23 - 2013-08-03 06:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:07 - 2012-05-24 21:29 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 20:59 - 2012-09-15 14:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
 
==================== Files in the root of some directories =======
 
2012-09-04 16:32 - 2012-09-04 16:32 - 0001916 _____ () C:\Program Files (x86)\NFO.txt
2012-09-04 16:38 - 2012-09-04 16:38 - 15267728 _____ (Google Inc.) C:\Program Files (x86)\picasa39-setup.exe
2012-09-04 16:25 - 2012-09-04 16:25 - 0000140 _____ () C:\Program Files (x86)\Serials.txt
2012-09-04 16:25 - 2012-09-04 16:26 - 12285224 _____ (Nullsoft, Inc.) C:\Program Files (x86)\winamp563_pro_en-us.exe
2014-06-02 09:48 - 2014-06-02 09:48 - 0045475 _____ () C:\ProgramData\1401702489.bdinstall.bin
2014-06-02 09:50 - 2014-06-02 09:50 - 0041786 _____ () C:\ProgramData\1401702612.4460.bin
2014-06-02 09:50 - 2014-06-02 09:50 - 0002055 _____ () C:\ProgramData\1401702612.4764.bin
2014-06-02 10:06 - 2014-06-02 10:06 - 0238323 _____ () C:\ProgramData\1401702918.bdinstall.bin
2014-06-09 17:18 - 2014-06-09 17:18 - 0037823 _____ () C:\ProgramData\1402334328.bdinstall.bin
2014-06-09 17:19 - 2014-06-09 17:19 - 0058670 _____ () C:\ProgramData\1402334330.bdinstall.bin
2014-06-09 17:35 - 2014-06-09 17:35 - 0095743 _____ () C:\ProgramData\1402335130.bdinstall.bin
2014-08-08 15:00 - 2014-08-08 15:00 - 0176799 _____ () C:\ProgramData\1407509950.bdinstall.bin
2014-09-12 18:24 - 2014-09-12 18:24 - 0037823 _____ () C:\ProgramData\1410546287.bdinstall.bin
2014-09-12 18:26 - 2014-09-12 18:26 - 0097756 _____ () C:\ProgramData\1410546289.bdinstall.bin
2015-01-13 18:54 - 2015-01-13 18:54 - 0234950 _____ () C:\ProgramData\1421174593.bdinstall.bin
2015-01-13 21:13 - 2015-01-13 21:13 - 0037822 _____ () C:\ProgramData\1421183616.bdinstall.bin
2015-01-13 21:15 - 2015-01-13 21:15 - 0097076 _____ () C:\ProgramData\1421183618.bdinstall.bin
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-04 12:14
 
==================== End Of Log ============================

And the additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by Joanna at 2015-03-08 10:03:23
Running from C:\Users\Joanna\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connection Manager (HKLM-x32\...\Connection Manager_is1) (Version:  - TCT Mobile Limited)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
DriverPack Solution Updater (HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\DRPSu Updater) (Version: 0.0.25 - DriverPack Solution)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Àêòóàëèçàöèÿ (KB963678) (HKLM-x32\...\{90120000-0016-0402-0000-0000000FF1CE}_HOMESTUDENTR_{B3B0B5D0-371D-4211-A43A-B4E70B563756}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help Àêòóàëèçàöèÿ (KB963669) (HKLM-x32\...\{90120000-0018-0402-0000-0000000FF1CE}_HOMESTUDENTR_{C64A08BB-59AC-4ACE-AF1D-D5225DF9CE2D}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Àêòóàëèçàöèÿ (KB963665) (HKLM-x32\...\{90120000-001B-0402-0000-0000000FF1CE}_HOMESTUDENTR_{6BECE490-EB24-47FB-B6C9-91724C0B0E6E}) (Version:  - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\MyFreeCodec) (Version:  - )
Night_Raven Codec Pack (HKLM\...\NR-CP_is1) (Version: 3.08 - Night_Raven)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VaudiX (HKLM\...\VaudiX) (Version: 1.0 - CloudSoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Driver Package - Realtek (USB-100) Net  (04/28/2006 5.122.0510.2006) (HKLM\...\9A6D03D52BE3E56AECB50AB23894176C91CD5ACF) (Version: 04/28/2006 5.122.0510.2006 - Realtek)
WinRAR 5.21 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.2 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {27F06C24-0785-4C0C-B190-778DF23F924A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {97A4CC78-C6AF-4109-AE02-CA844CF24C71} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {98C71C76-4807-4115-915D-DB4AA5145E07} - System32\Tasks\{E9DD4009-091B-481B-A0FB-B72BF1AC5820} => pcalua.exe -a C:\Windows\ST5UNST.EXE -c -n "C:\Program Files (x86)\Janus4\ST5UNST.000"
Task: {9C6BABF6-C974-4773-B30B-D5DBE81C3397} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B70F604D-B896-4562-9A90-2501D670ACF1} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {DE07BAFC-1A04-433F-A0DE-6773D074642E} - System32\Tasks\{237B0C0B-1E1F-424F-AA47-04ED721E16A7} => pcalua.exe -a C:\Windows\ST5UNST.EXE -c -n "C:\Program Files (x86)\Janus4\ST5UNST.001"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RDReminder.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-07-01 16:03 - 2012-12-04 15:50 - 00051576 _____ () C:\Program Files (x86)\T-Mobile\ConnectionManager\BackgroundService\ServiceManager.exe
2014-09-12 17:41 - 2014-02-21 12:17 - 00313856 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2014-09-12 17:41 - 2014-02-21 12:06 - 02064384 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2012-05-24 19:14 - 2010-12-16 09:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-01 16:03 - 2012-12-05 16:50 - 00114552 _____ () C:\Program Files (x86)\T-Mobile\ConnectionManager\Background\ModemListener.exe
2013-04-12 17:23 - 2013-04-12 17:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2013-12-05 05:32 - 2013-12-04 02:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 05:32 - 2013-12-04 02:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 05:32 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 05:32 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 05:32 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 05:32 - 2013-12-04 02:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2980891087-1085619845-2753008346-500 - Administrator - Disabled)
Guest (S-1-5-21-2980891087-1085619845-2753008346-501 - Limited - Disabled)
Joanna (S-1-5-21-2980891087-1085619845-2753008346-1000 - Administrator - Enabled) => C:\Users\Joanna
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/08/2015 00:09:38 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (03/07/2015 10:46:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/07/2015 10:45:04 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\esent.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\System32\esent.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (03/07/2015 10:45:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ESENT.dll, version: 6.1.7601.17577, time stamp: 0x4d79bfba
Exception code: 0xc0000006
Fault offset: 0x000000000012e540
Faulting process id: 0x470
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
 
Error: (03/07/2015 10:33:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/07/2015 01:07:09 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 0
 
Error: (03/07/2015 01:07:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000006
Fault offset: 0x000000000002679f
Faulting process id: 0x1108
Faulting application start time: 0xsvchost.exe_WinDefend0
Faulting application path: svchost.exe_WinDefend1
Faulting module path: svchost.exe_WinDefend2
Report Id: svchost.exe_WinDefend3
 
Error: (03/07/2015 09:27:56 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAADiag.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program PSUAService because of this error.
 
Program: PSUAService
File: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAADiag.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (03/07/2015 09:27:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSUAService.exe, version: 4.0.0.636, time stamp: 0x543fc4cc
Faulting module name: PSUAADiag.dll, version: 4.0.0.1007, time stamp: 0x543fc3b3
Exception code: 0xc0000006
Fault offset: 0x0000bf50
Faulting process id: 0x5f0
Faulting application start time: 0xPSUAService.exe0
Faulting application path: PSUAService.exe1
Faulting module path: PSUAService.exe2
Report Id: PSUAService.exe3
 
Error: (03/07/2015 09:27:56 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44C31D325966583111D3AF4391E098086C66DEFA.bin.VE0 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44C31D325966583111D3AF4391E098086C66DEFA.bin.VE0
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
 
System errors:
=============
Error: (03/08/2015 09:38:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (03/08/2015 09:26:39 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/08/2015 09:26:39 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/08/2015 08:34:29 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/08/2015 07:13:10 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/08/2015 05:34:14 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/08/2015 02:34:00 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/08/2015 00:33:47 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (03/08/2015 00:05:53 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (03/08/2015 00:00:49 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
Microsoft Office Sessions:
=========================
Error: (12/12/2013 02:59:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 781439 seconds with 1500 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-04 01:19:51.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-04 01:19:51.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-04 01:19:51.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-04 01:19:51.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-04 01:19:51.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-04 01:19:51.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-29 23:41:39.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-29 23:41:39.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-29 23:41:39.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-29 23:41:39.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 58%
Total physical RAM: 4009.55 MB
Available physical RAM: 1661.86 MB
Total Pagefile: 8017.28 MB
Available Pagefile: 5357.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:263.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A33B6C03)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29 KB) - (Type=00)
 
==================== End Of Log ============================


#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:07 AM

Posted 08 March 2015 - 07:01 AM

Hi Joana


Step 1
Please make sure that Windows Defender is disabled.
It should have been disabled by Panda when it installed.
The 2 may conflict with each other.
  • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings >> Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start >> Control Panel >> Security >> Windows Defender. At the bottom of the Windows Defender page, under Administrator Options, uncheck "use Windows Defender" and then click Save.
Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Joanna\Downloads.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


Step 3
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
  • Please post the contents of that logfile with your next reply.
In your next reply, please submit:
Fixlog.txt
AdwCleaner.txt


Thanks.

Attached Files


Edited by Starbuck, 08 March 2015 - 07:04 AM.



#5 JoanaV

Posted 09 March 2015 - 05:02 AM

Thank you so much for the quick response and help. Here is the first log file 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
Ran by Joanna at 2015-03-08 20:45:32 Run:1
Running from C:\Users\Joanna\Downloads
Loaded Profiles: Joanna (Available profiles: Joanna)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
SSODL: EldosMountNotificator-cbfs5 - {EC1AF51C-B71C-46AD-8474-10CBE77EBFAD} -  No File
SSODL-x32: EldosMountNotificator-cbfs5 - {EC1AF51C-B71C-46AD-8474-10CBE77EBFAD} -  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {27E14B49-557F-4FE4-BA5E-93EAE1FF230D} =>  No File
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {27E14B49-557F-4FE4-BA5E-93EAE1FF230D} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> 9972D3AF9C4841C4AA718B96CAFC8990 URL = http://search.babylon.com/?q={searchTerms}&affID=117065&tt=0213_3&babsrc=SP_ss&mntrId=6ef4c22b000000000000e8039a91d713
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> {1F05F07A-84CC-4929-BB4D-6B9E1412F683} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQJCZ1QOC&i=26
SearchScopes: HKU\S-1-5-21-2980891087-1085619845-2753008346-1000 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
FF HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 GLOBUL Connection Manager. RunOuc; C:\Program Files (x86)\GLOBUL Connection Manager\UpdateDog\ouc.exe [X]
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S1 cbfs5; \??\C:\Windows\system32\drivers\cbfs5.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
Task: {B70F604D-B896-4562-9A90-2501D670ACF1} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
*****************
 
[1832] C:\Windows\System32\mfevtps.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\EldosMountNotificator-cbfs5 => value deleted successfully.
HKLM\Software\Classes\CLSID\{EC1AF51C-B71C-46AD-8474-10CBE77EBFAD} => Key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\EldosMountNotificator-cbfs5 => value deleted successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{EC1AF51C-B71C-46AD-8474-10CBE77EBFAD} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EldosIconOverlay-cbfs5" => Key deleted successfully.
HKCR\CLSID\{27E14B49-557F-4FE4-BA5E-93EAE1FF230D} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EldosIconOverlay-cbfs5" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{27E14B49-557F-4FE4-BA5E-93EAE1FF230D} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found. 
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\9972D3AF9C4841C4AA718B96CAFC8990" => Key deleted successfully.
HKCR\CLSID\9972D3AF9C4841C4AA718B96CAFC8990 => Key not found. 
"HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F05F07A-84CC-4929-BB4D-6B9E1412F683}" => Key deleted successfully.
HKCR\CLSID\{1F05F07A-84CC-4929-BB4D-6B9E1412F683} => Key not found. 
"HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found. 
"HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => Key deleted successfully.
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => Key not found. 
"HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}" => Key deleted successfully.
HKCR\CLSID\{E88E0043-C9D4-4e33-8555-FEE4F5B63060} => Key not found. 
"HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin" => Key deleted successfully.
HKU\S-1-5-21-2980891087-1085619845-2753008346-1000\Software\Mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df} => value deleted successfully.
mfevtp => Unable to stop service
mfevtp => Service deleted successfully.
GLOBUL Connection Manager. RunOuc => Service deleted successfully.
mfeapfk => Service deleted successfully.
mfehidk => Unable to stop service
mfehidk => Service deleted successfully.
mfewfpk => Unable to stop service
mfewfpk => Service deleted successfully.
cbfs5 => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B70F604D-B896-4562-9A90-2501D670ACF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B70F604D-B896-4562-9A90-2501D670ACF1}" => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserProtect => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect" => Key deleted successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 570.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:46:38 ====
 
 
When I downloaded AdwCleaner, ran it as administrator and then hit Scan, it did not give me the option to choose what to scan, and it only scanned for a few minutes.
Here is the log:
# AdwCleaner v4.111 - Logfile created 08/03/2015 at 22:22:39
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Joanna - JOANNA-PC
# Running from : C:\Users\Joanna\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Vaudix
Folder Found : C:\Program Files (x86)\Vaudix
Folder Found : C:\Program Files (x86)\VaudiX
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VaudiX
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\ProgramData\VaudiX
Folder Found : C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
 
***** [ Scheduled tasks ] *****
 
Task Found : RDReminder
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\5d5388dde73eee13
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dll-files.com
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\dll-files.com
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\5d5388dde73eee13
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\dll-files.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\SP Global
Key Found : HKLM\SOFTWARE\SProtector
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Web Assistant
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vaudix
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VaudiX
Key Found : [x64] HKLM\SOFTWARE\Web Assistant
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Google Chrome v31.0.1650.63
 
[C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3072253
[C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
*************************
 
AdwCleaner[R1].txt - [5087 bytes] - [08/03/2015 22:17:26]
AdwCleaner[R2].txt - [4956 bytes] - [08/03/2015 22:22:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [5015 bytes] ##########
 
How can I get it to scan the whole system?
Thanks again guys! You are legends!

 



#6 Starbuck

Posted 09 March 2015 - 12:14 PM

Hi Joana
 

"it did not give me the option to choose what to scan and it only scanned for a few minutes"
"How can I get it to scan the whole system?"

AdwCleaner is a specific type of scanner, which targets specific things.
There are no scan options...... the scan ran fine.

Let's remove what it found and then check for any leftovers.

Step 1
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool again.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts (antivirus, anti-malware, etc.).
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
In your next reply, please submit:
AdwCleaner.txt
JRT.txt

Also let me know if there is any improvement in the system.


Thanks.

Edited by Starbuck, 09 March 2015 - 12:15 PM.



#7 Starbuck

Posted 12 March 2015 - 03:49 PM

Hi Joana

As you are a Panda user, I wanted to give you this warning:

An update to a number of Panda antivirus programs Wednesday mistakenly flagged core files as malware, putting them in quarantine. In doing so, the antivirus system ceased working.
First reported by The Register, machines are left unstable, or unable to access the Internet.

Panda's free antivirus, retail 2015 service, and its enterprise cloud-based antimalware service are all affected. It's not clear how many machines are affected.

The company took to Twitter to warn users: "Please, Don't reboot PCs. We'll keep you posted."

Panda antivirus mistakenly flags itself as malware, bricks PCs



#8 JoanaV

Posted 13 March 2015 - 06:21 AM

Hello!
A few days ago I uninstalled Panda and decided to stay with Windows Defender. After performing the actions you mentioned, I can feel a noticeable improvement in my laptop's speed and performance. Thank you so much. I am still a bit concerned, as every time I scan the Windows folder, the scan gets stuck at the Assembly folder (Native Images). What on earth is in that folder?
Here are the files you requested.

 

# AdwCleaner v4.112 - Logfile created 13/03/2015 at 11:04:38
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Joanna - JOANNA-PC
# Running from : C:\Users\Joanna\Downloads\adwcleaner_4.112.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Joanna\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Google Chrome v31.0.1650.63
 
[C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3072253
 
*************************
 
AdwCleaner[R5].txt - [1545 bytes] - [13/03/2015 11:03:08]
AdwCleaner[S2].txt - [1484 bytes] - [13/03/2015 11:04:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1543  bytes] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Joanna on 13/03/2015 at 11:10:33.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\PANDA SECURITY TOOLBAR UNINST-03387573.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/03/2015 at 11:17:02.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Thanks again!


#9 Starbuck


Posted 13 March 2015 - 12:38 PM

Hi Joana

"A few days ago I uninstalled Panda"

A well-timed decision to remove Panda :)

"decided to stay with Windows Defender"

Windows Defender on its own won't give you much security.
You'll need an Anti Virus as well.

"I changed over 10 antivirus programs as no one could remove the virus."

Basically what you had wasn't a virus at all.... it was Adware (Potentially Unwanted Program)
By default most Anti Virus protectors won't detect Adware...... but usually there is an option in the settings to turn on detection.
I will try and explain why AVs don't normally detect PUPs.
(Potentially Unwanted Program) An application that is installed along with the desired 'free' application the user actually asked for. Also called a "barnacle," in most cases, the PUP is spyware, adware or some other unwanted software.
However, what makes spyware or adware a PUP rather than pure malware is the fact that the end user license agreement (EULA) does inform the user that this additional program is being installed. Considering hardly anyone ever reads the license agreement, the distinction is a subtle one.
So the reason for the non-detection is that normally you installed the software yourself, after being informed it was going to be installed.
Always read any install pages and options when installing any software and untick any additional third-party software installs.

"Whenever I try to open the NativeImages or Catroot folders, it freezes and won't let me continue."

I'm not sure why you would want to open those folders.
Native Images are part of the .NET Framework – a native service of the Microsoft operating systems.
In short, Native Images are files containing compiled processor-specific machine code, which are installed into the native image cache on the local computer.
The Catroot folders are linked to your windows updates.
Both are best left alone.

"I can feel a noticeable improvement in my laptop's speed and performance."

That's good :)

I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • If asked, allow the ActiveX control to install.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.
Or you can use either Firefox or Chrome, which almost certainly will be 32-bit versions.... but you will need to install the ESET Smart Installer.


Please post the Eset Scan report.

Thanks



#10 JoanaV


Posted 13 March 2015 - 01:06 PM

Thank you so much for taking the time to resolve my issues. My laptop is faster than when I bought it haha!

I will run the online scan tonight and post the log file.

Once again, thank you so much you saved me time, money and a lot of nerves. 

Which antivirus program would you recommend personally?



#11 Starbuck


Posted 13 March 2015 - 06:20 PM

Hi Joana
 

"thank you so much you saved me time, money and a lot of nerves."

It's no problem at all, just glad I can help.

"Which antivirus program would you recommend personally?"

On my 4 systems I run either:
ESET NOD32
or
Emsisoft Anti-Malware

Both of these will give you a 30 day free trial, so you can try before you buy.
Don't forget to only have one installed at any one time.... or they will conflict.
If you can stretch to a paid for AV... you will get a much better program.

That is not to say that there aren't some good 'free' AV programs to be had:
Bitdefender Free
MS Security Essentials
Avira AntiVir

The choice is yours.
 

"I will run the online scan tonight and post the log file"

Thanks.
I'll be out tomorrow evening, but will reply if you post before then.

Edited by Starbuck, 13 March 2015 - 06:22 PM.



#12 JoanaV


Posted 15 March 2015 - 05:04 AM

Hey, sorry, every time I try to scan it, my laptop crashes and will not turn on for ages. I think I'm going to reinstall it tomorrow.



#13 Starbuck


Posted 15 March 2015 - 05:45 PM

Hi Joana

"I think I'm going to reinstall it tomorrow"

Sometimes this is the best option.
A clean slate should work wonders for a system with niggling problems.
Obviously it's your decision and I'll respect what you decide to do.



#14 JoanaV


Posted 16 March 2015 - 04:12 AM

I've had this device for 3 years and I have never reinstalled it. Also, I only have disc C (I know wtf), so will I be able to split it into D and E once I reinstall it?
Thank you, have a great day!



#15 Starbuck


Posted 16 March 2015 - 01:35 PM

Hi Joana

"I only have disc C (I know wtf), so will I be able to split it into D and E once I reinstall it?"

If I'm understanding you correctly.....
When you run the installation disc, Windows will create the C drive by default.
This is the default destination for the Windows Operating system.
Once the Operating system has been installed, you can use Windows to partition the hard drive into other partitions.
D and E if you want.
There are different types of reinstall...... this may help:
How to Reinstall Windows 7

Just remember that once Windows has been reinstalled.... all of your Windows updates will have gone as well.
So you will need to get all the updates plus SP1 again (if it's not on your installation disc).

This will explain how to add other partitions if you decide to do that:
How to Manage Partitions in Windows 7

Feel free to post back if you require any further help with this.
