ColorMedia.dll connected to the internet but can't get online...


  • This topic is locked
25 replies to this topic

#1 hunters123

hunters123

  • Members
  • 17 posts

Posted 26 March 2015 - 10:49 AM

Hello, I have a Windows 7 Home 64 bit Dell that is connected to the internet, but can't get online.  I've run ccleaner, Malwarebytes, MSE, Fkill, tdsskiller and combofix and nothing has solved the issue.  Can any kind person here give me any suggestions please?  I thank you VERY much.

 

PS.  After trying a system restore, it always fails with "failed while deleting the following file/directory...c:/Windows/syswow64/colormedia.dll"  0xc0003005.

 

PSS.  Upon startup, I get a lot of "bad image" errors with colormedia.dll in the error message....Toaster.exe, DSUpd.exe, TWC.win7.exe, All bad image.....




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,114 posts

Posted 26 March 2015 - 10:52 AM

Hello and welcome..
For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

WIN7.. Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 hunters123

hunters123
  • Topic Starter

  • Members
  • 17 posts

Posted 26 March 2015 - 11:04 AM

Thanks for your quick reply!  I had already checked the proxy settings and that is unchecked and Automatically detect settings is checked.  Running the winsockfix.bat didn't solve it either.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,114 posts

Posted 26 March 2015 - 11:18 AM

Ok then we need to see your ComboFix log in a new topic.
Post the new topic here.

Virus, Trojan, Spyware, and Malware Removal Logs

#5 hunters123

hunters123
  • Topic Starter

  • Members
  • 17 posts

Posted 26 March 2015 - 11:27 AM

Ok thanks, sorry for posting in the wrong forum.  I need to post the FRST log first right?  Or just go ahead with the ComboFix log?  I don't want to not follow the rules...



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 26 March 2015 - 11:29 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
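
An added example, not part of the original post and not FRST's own code: one way to triage the Winsock lines of an FRST.txt like the one requested in Step 1. It assumes the line layout `Winsock: <catalog>[-x64] <entry> <path> [<size>] (<publisher>)` and that mswsock.dll is the stock Catalog9 provider; the sample lines are constructed, using file names from this thread.

```python
import ntpath
import re

# Constructed sample lines in the layout FRST uses for Winsock entries.
# File names come from this thread; the mswsock, Bonjour and "No File"
# lines and their sizes are made up for the demonstration.
SAMPLE_LOG = r"""
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378544] ()
Winsock: Catalog5 04 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 07 C:\Windows\SysWOW64\gone.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
"""

WINSOCK_RE = re.compile(
    r"^Winsock: (?P<catalog>Catalog\d+)(?P<x64>-x64)? (?P<entry>\d+) "
    r"(?P<path>.+?) \[(?P<size>\d+)\] \((?P<publisher>.*)\)\s*$"
)

# Assumption: on a clean system the protocol catalog (Catalog9) points
# only at the Microsoft base provider DLL.
STOCK_CATALOG9_DLLS = {"mswsock.dll"}


def parse_winsock(log_text):
    """Return (entries, unparsed) for every line that starts with 'Winsock:'."""
    entries, unparsed = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("Winsock:"):
            continue
        m = WINSOCK_RE.match(line)
        if m is None:
            # Keep lines in an unexpected layout visible instead of dropping them.
            unparsed.append(line)
            continue
        entries.append({
            "catalog": m.group("catalog"),
            # Without the -x64 suffix the entry belongs to the 32-bit catalog.
            "arch": "x64" if m.group("x64") else "x86",
            "entry": int(m.group("entry")),
            "path": m.group("path"),
            "size": int(m.group("size")),
            "publisher": m.group("publisher").strip(),
        })
    return entries, unparsed


def triage(entries):
    """Group Catalog9 entries by provider DLL and flag non-stock providers."""
    grouped = {}
    for e in entries:
        if e["catalog"] != "Catalog9":
            continue  # Catalog5 holds namespace providers, not the protocol chain
        key = (e["arch"], e["path"].lower())
        item = grouped.setdefault(key, {
            "arch": e["arch"], "path": e["path"],
            "publisher": e["publisher"], "entries": [],
        })
        item["entries"].append(e["entry"])

    findings = []
    for item in grouped.values():
        if ntpath.basename(item["path"]).lower() in STOCK_CATALOG9_DLLS:
            continue
        # A provider with no publisher string deserves attention first.
        item["severity"] = "review" if item["publisher"] else "high"
        findings.append(item)
    return findings


def report(findings, unparsed):
    """Render the findings as text lines for the analyst."""
    lines = []
    for f in findings:
        lines.append(
            "[%s] %s catalog entries %s -> %s (publisher: %s)"
            % (f["severity"], f["arch"], f["entries"], f["path"],
               f["publisher"] or "none")
        )
    if findings:
        # Socket traffic for the listed entries is routed through the DLL.
        lines.append(
            "Note: a DLL still registered here must load for those entries "
            "to work; removing the file alone leaves the catalog broken."
        )
    lines.extend("[unparsed] " + u for u in unparsed)
    return lines


if __name__ == "__main__":
    parsed, leftover = parse_winsock(SAMPLE_LOG)
    print("\n".join(report(triage(parsed), leftover)))
```
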
 

#7 hunters123

hunters123
  • Topic Starter

  • Members
  • 17 posts

Posted 26 March 2015 - 11:40 AM

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by DWAYNE (administrator) on DWAYNE-PC on 26-03-2015 11:35:50
Running from C:\Users\DWAYNE\Desktop\cleaner
Loaded Profiles: DWAYNE (Available profiles: DWAYNE & BEQ)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Run: [GoogleChromeAutoLaunch_92BF795A6B17D84362A93E38C78E6BE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48128 2015-02-24] ()
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\BEQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
SearchScopes: HKLM -> {056DE163-7825-4BC9-B9D2-52E0C9B53008} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {E417590F-C8FC-4854-971A-5F83A53F3AB9} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-25] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-25] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-25] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378544] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378544] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378544] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378544] ()
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [378544] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Binkiland
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-13] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-04-19] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-13]
FF Extension: GMarks - C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309\Extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.xpi [2015-02-14]
FF Extension: Video DownloadHelper - C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]
FF HKLM-x32\...\Firefox\Extensions: [flvto@hotger.com] - C:\Users\DWAYNE\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi
FF Extension: No Name - C:\Users\DWAYNE\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-03]
FF HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Firefox\Extensions: [flvto@hotger.com] - C:\Users\DWAYNE\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi
FF HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.bing.com/?pc=conduit&ptag=A477141CA2B3149FD85F&form=CONORG&conlogo=CT3210127&ShowAppsUI=1
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=conduit&ptag=A477141CA2B3149FD85F&form=CONORG&conlogo=CT3210127&ShowAppsUI=1", "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF0B9CFC8-4CE0-4141-BD99-27BD2C6817D5&SSPV=", "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP315F9736-9912-4011-989F-B057C0464C99&SSPV=", "hxxp://www.trovi.com/?gd=&ctid=CT3329908&octid=EB_ORIGINAL_CTID&ISID=M584F4F5C-AE4B-4531-A166-16836D8B99F5&SearchSource=55&CUI=&UM=2&UP=SPC13FF20F-CFA7-4934-AC6B-91E5AEAD455B&SSPV=", "hxxp://binkiland.com/?f=7&a=bnk_dwndlm_15_07&cd=2XzuyEtN2Y1L1QzuyBzztB0B0C0BzytBtB0CtCtCtD0C0AyEtN0D0Tzu0StCtCtBzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StBzyzyyEyBtB0F0DtG0CyCyEtCtG0FyByCtCtGyCzztAtBtGtDzy0CyByE0AyC0ByE0DyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyBtDyD0CzzyDtGyD0E0DtBtGyEyE0F0AtG0AtAyEyCtG0B0B0DyD0C0B0C0C0F0CtBtB2Q&cr=967283735&ir="
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll No File
CHR Profile: C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (YouTube) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10]
CHR Extension: (Adblock Plus) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-14]
CHR Extension: (Google Search) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-10]
CHR Extension: (Google Wallet) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 VhdAttach; C:\Program Files\Josip Medved\VHD Attach\VhdAttachService.exe [276936 2014-04-07] (Josip Medved)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-04] () [File not signed] <==== ATTENTION
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-04] () [File not signed] <==== ATTENTION
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2013-08-04] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-08-04] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-08-04] (Kaspersky Lab)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-13] ()
S3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [124176 2012-11-30] (High Criteria inc.)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [35064 2015-02-10] ()
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 11:28 - 2015-03-26 11:35 - 00000000 ____D () C:\FRST
2015-03-26 09:11 - 2015-03-26 09:11 - 00029056 _____ () C:\ComboFix.txt
2015-03-25 20:50 - 2015-03-25 20:50 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-25 10:44 - 2015-03-26 11:35 - 00000000 ____D () C:\Users\DWAYNE\Desktop\cleaner
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 __SHD () C:\Users\BEQ\AppData\Local\EmieUserList
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 __SHD () C:\Users\BEQ\AppData\Local\EmieSiteList
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 __SHD () C:\Users\BEQ\AppData\Local\EmieBrowserModeList
2015-03-08 21:27 - 2015-03-22 17:18 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\Shauna & Baby Amaka 3.7.2015
2015-03-06 01:43 - 2015-03-06 01:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-04 14:22 - 2015-03-09 00:22 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Jalanei
2015-02-28 05:43 - 2015-02-28 05:48 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Sharknado 2 The Second One (2014) [1080p]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 11:31 - 2009-07-14 00:10 - 01453885 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 11:25 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 11:09 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 11:09 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 11:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-26 11:01 - 2011-04-07 23:02 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-26 11:01 - 2010-11-13 00:09 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-03-26 11:00 - 2015-02-13 20:31 - 00004023 _____ () C:\Windows\setupact.log
2015-03-26 11:00 - 2009-07-14 00:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 11:00 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 09:39 - 2011-04-07 23:16 - 00000000 ____D () C:\ProgramData\Sonic
2015-03-26 09:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-26 09:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-03-26 09:18 - 2015-02-10 18:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 09:11 - 2013-11-27 17:46 - 00000000 ____D () C:\Qoobox
2015-03-26 09:06 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-26 09:04 - 2015-02-14 10:28 - 00455116 _____ () C:\Windows\PFRO.log
2015-03-25 21:00 - 2013-11-11 21:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-25 09:59 - 2010-11-13 00:09 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\Apps\2.0
2015-03-25 00:13 - 2013-12-30 23:49 - 00000000 ____D () C:\Program Files (x86)\Alien Stars
2015-03-24 10:05 - 2014-10-22 07:19 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\CrashDumps
2015-03-22 23:00 - 2013-11-12 20:56 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\uTorrent
2015-03-22 20:45 - 2014-02-02 02:21 - 00000000 ____D () C:\Users\DWAYNE\Documents\Outlook Files
2015-03-22 20:44 - 2014-02-02 02:25 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\57545CD5-18A5-4F8C-934F-9B82A1B2AE5F.aplzod
2015-03-22 17:15 - 2014-11-16 16:42 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Old Skool Family!
2015-03-22 17:10 - 2015-02-14 03:07 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\Flvto Youtube Downloader
2015-03-22 16:58 - 2010-11-13 00:04 - 00000000 ____D () C:\Users\DWAYNE
2015-03-22 15:56 - 2015-01-31 21:08 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\Herman High's Going Home Celebration 1.28.2015
2015-03-22 15:56 - 2015-01-27 01:00 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Unbroken.2014.DVDSCR.XviD.AC3-EVO
2015-03-22 15:56 - 2014-11-16 01:22 - 00000000 ____D () C:\Users\DWAYNE\Downloads\The.Last.Exorcism.Part.II.2013.UNRATED.BRRip.XviD-3LT0N
2015-03-22 15:56 - 2014-11-15 20:42 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Kill Them Softly (2012) [1080p]
2015-03-22 15:56 - 2014-01-28 12:31 - 00000000 ____D () C:\Users\BEQ
2015-03-22 15:56 - 2014-01-17 20:51 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Captain Phillips (2013) DVDRip XviD-MAXSPEED
2015-03-22 15:56 - 2013-12-19 02:08 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Elysium 2013 1080p BRRip x264 AC3-JYK
2015-03-22 15:56 - 2013-12-19 02:05 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Elysium 2013 720p BRRIP  x264 AAC KiNGDOM
2015-03-22 15:56 - 2013-11-15 02:11 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Trash
2015-03-22 15:56 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-22 15:55 - 2014-01-18 17:51 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\Audacity
2015-03-22 15:55 - 2013-12-06 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-22 15:55 - 2013-11-21 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
2015-03-22 15:55 - 2013-11-20 16:38 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2015-03-22 15:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-22 15:53 - 2014-01-28 12:55 - 00000000 ____D () C:\Users\BEQ\AppData\Local\Google
2015-03-22 15:53 - 2013-11-20 15:40 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\Skype
2015-03-22 12:42 - 2014-10-14 01:12 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Jessica
2015-03-21 18:09 - 2014-10-22 20:52 - 00000000 ____D () C:\Users\DWAYNE\Desktop\folder
2015-03-11 02:10 - 2014-08-17 01:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 17:09 - 2013-11-14 21:33 - 00000000 ____D () C:\Users\DWAYNE\dwhelper
2015-03-10 12:30 - 2014-08-08 17:05 - 00000000 ____D () C:\Users\DWAYNE\Desktop\E-FAM Meeting 8.1.2014
2015-03-07 20:32 - 2015-02-16 02:11 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F02EF1C-EE84-4DB7-B84B-8E51D07EB1ED}
2015-03-07 20:24 - 2015-02-10 10:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 13:52 - 2013-12-16 06:01 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\iLivid
2015-03-05 01:09 - 2014-05-01 23:29 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\JESS
2015-03-04 21:40 - 2013-11-13 06:12 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\vlc
2015-03-04 18:07 - 2013-12-04 01:32 - 00037344 _____ () C:\Windows\system32\lvcoinst.log
2015-03-04 17:54 - 2013-11-21 02:11 - 00001859 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2015-03-04 17:53 - 2013-11-21 02:11 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2015-03-03 08:17 - 2014-08-19 13:39 - 00295552 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-26 01:27 - 2013-11-11 20:35 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\Print Screens
2015-02-24 16:37 - 2014-11-14 02:50 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\DAA
2015-02-24 16:23 - 2014-08-07 13:03 - 00000000 ____D () C:\Users\DWAYNE\Desktop\New
2015-02-24 06:51 - 2014-11-17 13:16 - 00000000 ____D () C:\Users\DWAYNE\Desktop\vault
 
==================== Files in the root of some directories =======
 
2013-12-29 00:09 - 2013-12-29 00:09 - 0024222 _____ () C:\Users\DWAYNE\AppData\Roaming\UserTile.png
2013-12-19 01:56 - 2015-01-12 02:07 - 0000189 _____ () C:\Users\DWAYNE\AppData\Roaming\WB.CFG
2015-02-03 03:35 - 2015-02-03 03:35 - 0000088 _____ () C:\Users\DWAYNE\AppData\Local\35cae5923814e470c74d7ab1f2195f82
2013-12-13 21:35 - 2015-02-20 14:52 - 0014336 _____ () C:\Users\DWAYNE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 01:07 - 2015-01-10 01:07 - 0000010 _____ () C:\Users\DWAYNE\AppData\Local\DSI.DAT
2014-01-14 03:39 - 2014-01-14 03:39 - 0007597 _____ () C:\Users\DWAYNE\AppData\Local\Resmon.ResmonCfg
2014-05-13 23:42 - 2014-09-09 22:52 - 0000630 _____ () C:\ProgramData\DEFRAG_HISTORY.xml
2013-11-17 12:54 - 2013-11-17 20:25 - 0001127 _____ () C:\ProgramData\hpzinstall.log
2014-10-27 15:17 - 2014-10-27 15:18 - 0039606 _____ () C:\ProgramData\SMRResults430.dat
2014-05-15 19:29 - 2014-07-18 00:17 - 0000455 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
 
Files to move or delete:
====================
C:\ProgramData\SMRResults430.dat
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\avchv.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-16 11:06
 
==================== End Of Log ============================
 
 
Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by DWAYNE at 2015-03-26 11:36:53
Running from C:\Users\DWAYNE\Desktop\cleaner
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
77zip (HKLM-x32\...\77zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM-x32\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Alien Shooter (HKLM-x32\...\Alien Shooter) (Version: 32.0.0.0 - Shockwave.com)
Alien Stars (HKLM-x32\...\BFG-Alien Stars) (Version:  - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 10 v.10.0.10 (HKLM-x32\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Best Buy pc app (HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\48e4cff94f039634) (Version: 3.1.0.0 - Best Buy)
Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.7 - )
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Birds on a Wire (HKLM-x32\...\Birds on a Wire_is1) (Version:  - GameFools)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{D6E46FC2-B513-4B7D-8C8C-352F4735C541}) (Version: 12.54.02 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Butterfly Escape (HKLM-x32\...\BFG-Butterfly Escape) (Version:  - )
C4600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Chicken Invaders - Cluck of the Dark Side (HKLM-x32\...\Chicken Invaders - Cluck of the Dark Side_is1) (Version:  - GameFools)
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)
Chicken Invaders 4: Ultimate Omelette (HKLM-x32\...\BFG-Chicken Invaders 4 - Ultimate Omelette) (Version:  - )
Chicken Rush (HKLM-x32\...\BFG-Chicken Rush) (Version:  - )
Cosmic Bugs (HKLM-x32\...\Cosmic Bugs_is1) (Version:  - GameFools)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM-x32\...\{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}) (Version: 7.1.1.1580 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCare Data Recovery 5.1 (HKLM-x32\...\iCare Data Recovery_is1) (Version:  - iCare Software)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iLivid (HKLM-x32\...\iLivid) (Version: 5.0.0.3958 - Bandoo Media Inc) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech WebCam Driver (HKLM\...\Logitech WebCam Driver) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Luxor Evolved (HKLM-x32\...\BFG-Luxor Evolved) (Version:  - )
Luxor HD (HKLM-x32\...\BFG-Luxor HD) (Version:  - )
Luxor: 5th Passage (HKLM-x32\...\BFG-Luxor - 5th Passage) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Merriam-Webster 3.0 (HKLM-x32\...\{F3812D83-86D2-4445-A841-3E0BA4F9A11C}) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{46EA439E-2D16-49B6-AA80-00DE992FE7CE}) (Version: 7601 - Microsoft)
MixPad (HKLM-x32\...\MixPad) (Version: 3.54 - NCH Software)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)
Multimedia Card Reader (x32 Version: 1.6.915.87 - Fitipower) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.7001 - ooVoo LLC.)
Photo Frames & Effects Free 1.0 (HKLM-x32\...\{CF12B794-A1EF-4211-B16F-0FB4E2FACCA6}_is1) (Version: 1.0 - Big Eagle Software KB)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PhoXo (HKLM-x32\...\PhoXo) (Version: 7.1.0.0 - PhoXo)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_05_C4600_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 5.12 - NCH Software)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Ricochet Recharged (HKLM-x32\...\Ricochet Recharged_is1) (Version:  - GameFools)
Ricochet: Infinity (HKLM-x32\...\BFG-Ricochet - Infinity) (Version:  - )
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Star Defender 4 (HKLM-x32\...\Star Defender 4) (Version: 32.0.0.0 - Shockwave.com)
Star Defender II (HKLM-x32\...\BFG-Star Defender II) (Version:  - )
Star Defender III (HKLM-x32\...\BFG-Star Defender III) (Version:  - )
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Stoneloops! of Jurassica (HKLM-x32\...\BFG-Stoneloops! of Jurassica) (Version:  - )
Strike Ball 2 Deluxe (HKLM-x32\...\Strike Ball 2 Deluxe_is1) (Version:  - GameFools)
Strike Ball 3 (HKLM-x32\...\Strike Ball 3_is1) (Version:  - GameFools)
The Rise of Atlantis (HKLM-x32\...\The Rise of Atlantis_is1) (Version:  - GameFools)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Recorder 8.4 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Ulead PhotoImpact 10 SE (HKLM-x32\...\{5A065EA0-0EEC-4E94-A2A0-40812576C122}) (Version: 10.0 - Ulead System)
VHD Attach 3.90 (HKLM\...\JosipMedved_VhdAttach_is1) (Version: 3.90 - Josip Medved)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wik and The Fable of Souls (HKLM-x32\...\BFG-Wik and The Fable of Souls) (Version:  - )
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
ZoneAlarm Antivirus (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DWAYNE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DWAYNE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DWAYNE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DWAYNE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DWAYNE\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
11-03-2015 01:57:08 Windows Update
14-03-2015 22:01:42 Windows Update
18-03-2015 13:12:54 Windows Update
19-03-2015 14:59:10 Restore Operation
25-03-2015 20:52:39 ComboFix created restore point
26-03-2015 09:28:27 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-03-26 09:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {024B334A-FA5A-45E2-80F5-D926825B2B4E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {0B4B8688-6EE4-4F09-A29A-CE7F1C948A91} - System32\Tasks\{A770135A-65C8-44FB-9449-C2120FDC079A} => pcalua.exe -a C:\Users\DWAYNE\Desktop\Matroska_Pack_Full_v1.1.2.exe -d C:\Users\DWAYNE\Desktop
Task: {0FAAAA54-7E6F-4D28-A303-744A1202FB50} - System32\Tasks\{FF8A8DEB-5553-4857-8705-110E94624BD5} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {2FB8CE23-7443-45C9-AFBF-EE23BF908BCF} - System32\Tasks\{4521DC65-507B-4A5C-95FC-89FEC23A18AB} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {38CD071B-E006-4A56-A915-D9FB155573F9} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {3A1DE7E2-DD29-43FD-B4C2-F782DC700604} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {407A1373-0F82-41EC-A537-94D6EDCD3847} - System32\Tasks\{53BD0D2A-DD2B-4AD1-806B-F43E96498DCC} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {46C57410-1C13-4F15-963A-886CC5E404A7} - System32\Tasks\{A7D5D420-3504-42CD-A5A5-79C699347784} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {4C18FCAC-3827-401A-93C3-305DAF91652F} - System32\Tasks\{625446AD-71CB-4F47-B78E-867DE4296348} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {4E159951-617D-46AA-979C-2713078BDF29} - System32\Tasks\{20489823-7E56-45EF-958C-3A4F0DE32327} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {689DCB58-41F1-4AA2-8A94-819A03FB63AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.)
Task: {6D779BE4-3448-40D0-A1D4-A1AFE85C17A3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2005116030-2370162056-1101638710-1000UA => C:\Users\DWAYNE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-12] (Facebook Inc.)
Task: {9043664F-A28D-4EB6-A949-A9F2C077BD78} - System32\Tasks\{F74E2FFA-96A9-4D08-BDCD-E31F58C86063} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {9E12E40A-AD58-4F18-826E-85B76C48A5F4} - System32\Tasks\{B4282214-1CCF-4544-A79F-AB99B4E4B27F} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {A0595851-C2C3-40A8-A786-197B92EB3BDD} - System32\Tasks\{9C89993A-F4D5-4019-8D3E-B53FEC80A344} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {B420B954-4D64-44F3-AADA-27C80122DB38} - \LuckyTab No Task File <==== ATTENTION
Task: {B62B7E47-FFDA-49E4-8AE6-BE5D6809550D} - System32\Tasks\{258B1A80-BEA0-4154-B941-F284B169E81E} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {B7EB1E64-914B-4D08-8955-EC748E3E9A8A} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {C03D2325-0A6F-4B81-935A-9D62B1AE7820} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2005116030-2370162056-1101638710-1000Core => C:\Users\DWAYNE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-12] (Facebook Inc.)
Task: {C0C4CA88-D0B0-4F5B-A305-82A41960C856} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13] (Adobe Systems Incorporated)
Task: {C1BBF16F-73A6-40C8-88F5-A22C7872A550} - System32\Tasks\{17E3F14B-C1CE-47E6-A95F-6A1B92A4A592} => P:\RunSanDiskSecureAccess_Win.exe
Task: {C1D716B9-420E-466B-A5BD-F909A0705748} - System32\Tasks\{E11245BE-1A35-4711-ADEC-0CDE36B0F0CC} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {C484CBCC-B39B-4F67-9E27-8A26DDFDF7E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11] (Google Inc.)
Task: {C50A566E-B734-4585-BB03-594A6A6EE3EB} - System32\Tasks\{88B0DD43-2C45-47E7-A84C-56A7EBA99590} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {C586E56B-52FE-456A-B898-4B17B9241D95} - System32\Tasks\{A4A37D9A-85C3-46D6-9374-A60FA72A049B} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {CA8DAC1D-0A72-40C5-B905-285E879C982C} - System32\Tasks\OTRIG => C:\ProgramData\e1b027fcd3704bff937400ada3efac5d\e1b027fcd3704bff937400ada3efac5d.exe
Task: {E05B08D5-F53A-46FC-B718-8EA75EF0BE0D} - System32\Tasks\{FA18D6D8-61AB-4204-866C-0EDF2E3432CC} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: {F386D404-8AA1-4668-8CE1-EF4CE9092808} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {F3E41E75-9FC6-4BA3-9A7E-5151A77B4ED7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F65CF10D-00E3-46D3-B96E-331B31CA2242} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-08-05] ()
Task: {FA43CD3E-94B7-49F7-AE0E-900719CADF0B} - System32\Tasks\UpdaterEX => C:\Users\DWAYNE\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {FD220CFF-1CC2-49C6-A432-DB13D9749A9A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe
Task: {FEEEE0AF-BF59-4817-95B8-1B0E8F24F900} - System32\Tasks\{26386321-AB5C-48EA-B661-D66ABB6D0620} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2015-02-24 09:36 - 2015-02-24 22:48 - 00048128 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2015-02-24 09:36 - 2015-02-24 22:48 - 01158656 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2015-02-24 09:36 - 2015-02-24 22:48 - 00260096 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2015-02-24 09:36 - 2015-02-24 22:48 - 00109056 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2011-04-07 23:03 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-03-09 12:41 - 2011-03-09 12:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 12:41 - 2011-03-09 12:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2010-03-05 10:24 - 2010-03-05 10:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2015-02-10 10:53 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-10 10:53 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-10 10:53 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:08993BCD
AlternateDataStreams: C:\ProgramData\TEMP:1EE5EBCB
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:47408F84
AlternateDataStreams: C:\ProgramData\TEMP:5D40B34A
AlternateDataStreams: C:\ProgramData\TEMP:60723CC0
AlternateDataStreams: C:\ProgramData\TEMP:6E897B76
AlternateDataStreams: C:\ProgramData\TEMP:7A632F57
AlternateDataStreams: C:\ProgramData\TEMP:8173A019
AlternateDataStreams: C:\ProgramData\TEMP:838FECBF
AlternateDataStreams: C:\ProgramData\TEMP:9812B773
AlternateDataStreams: C:\ProgramData\TEMP:9BAC8B7A
AlternateDataStreams: C:\ProgramData\TEMP:A18B7034
AlternateDataStreams: C:\ProgramData\TEMP:ACCEFF0E
AlternateDataStreams: C:\ProgramData\TEMP:B42826C8
AlternateDataStreams: C:\ProgramData\TEMP:C09E92DA
AlternateDataStreams: C:\ProgramData\TEMP:C48D4F24
AlternateDataStreams: C:\ProgramData\TEMP:E2295807
AlternateDataStreams: C:\Users\DWAYNE\Local Settings:init
AlternateDataStreams: C:\Users\DWAYNE\Downloads\vhdattach390.exe:BDU
AlternateDataStreams: C:\Users\DWAYNE\AppData\Local:init
AlternateDataStreams: C:\Users\DWAYNE\AppData\Local\Application Data:init
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DWAYNE\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^DWAYNE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: FAHConsole => C:\Program Files\File Association Helper\FAHConsole.exe
MSCONFIG\startupreg: Flvto Youtube Downloader => "C:\Users\DWAYNE\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.exe" /minimize
MSCONFIG\startupreg: GoogleChromeAutoLaunch_92BF795A6B17D84362A93E38C78E6BE4 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShwiconXP9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2005116030-2370162056-1101638710-500 - Administrator - Disabled)
BEQ (S-1-5-21-2005116030-2370162056-1101638710-1003 - Limited - Enabled) => C:\Users\BEQ
DWAYNE (S-1-5-21-2005116030-2370162056-1101638710-1000 - Administrator - Enabled) => C:\Users\DWAYNE
Guest (S-1-5-21-2005116030-2370162056-1101638710-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/26/2015 11:01:02 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/26/2015 11:00:39 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/26/2015 09:38:32 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: 0xc0003005.
 
Error: (03/26/2015 09:37:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/26/2015 09:36:42 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/26/2015 09:11:26 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/26/2015 09:05:42 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/26/2015 09:05:19 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/25/2015 09:11:25 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/25/2015 09:05:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
 
System errors:
=============
Error: (03/26/2015 11:31:48 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 113.70.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/26/2015 11:31:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.193.2942.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/26/2015 11:31:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.193.2942.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/26/2015 11:31:43 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.193.2942.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/26/2015 11:31:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147014790
 
Error: (03/26/2015 11:30:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147014790
 
Error: (03/26/2015 11:12:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 113.70.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/26/2015 11:12:15 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.193.2942.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/26/2015 11:12:15 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.193.2942.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/26/2015 11:12:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.193.2942.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2015 11:01:02 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/26/2015 11:00:39 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/26/2015 09:38:32 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Restore Operation0xc0003005
 
Error: (03/26/2015 09:37:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/26/2015 09:36:42 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/26/2015 09:11:26 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/26/2015 09:05:42 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/26/2015 09:05:19 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/25/2015 09:11:25 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (03/25/2015 09:05:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-11 14:11:59.560
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-11 14:11:59.420
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-15 22:26:03.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Charity\Antivirus\avc3\avc3_sig_251\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-15 14:08:05.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Charity\Antivirus\avc3\avc3_sig_251\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-15 13:12:39.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Charity\Antivirus\avc3\avc3_sig_251\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-10 13:57:06.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Charity\Antivirus\avc3\avc3_sig_251\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-06 11:26:01.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Charity\Antivirus\avc3\avc3_sig_250\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 18:51:05.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Charity\Antivirus\avc3\avc3_sig_250\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 18:05:30.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Charity\Antivirus\avc3\avc3_sig_250\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-03 14:37:12.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Charity\Antivirus\avc3\avc3_sig_249\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 3895.12 MB
Available physical RAM: 2275.38 MB
Total Pagefile: 7788.42 MB
Available Pagefile: 6208.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:920.59 GB) (Free:95.23 GB) NTFS
Drive i: (UNTITLED) (Removable) (Total:3.82 GB) (Free:3.82 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 39D2059E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=920.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 3.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#8 deeprybka

  • Malware Response Team

Posted 26 March 2015 - 11:45 AM

The thread will be moved to the malware forum. :)

 
P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 1

Please uninstall some programs:
  • Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall: iLivid
  • Reboot your computer.

Step 2

Scan with TDSSKiller.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules" & "use KSN to scan objects") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

regards,
deeprybka

#9 boopme

  • Global Moderator

Posted 26 March 2015 - 11:46 AM

Moved to MRL forum.. Sent new link to OP..
Hi Jurgen

Edited by boopme, 26 March 2015 - 11:51 AM.


#10 hunters123

  • Topic Starter

Posted 26 March 2015 - 11:52 AM

iLivid had been previously uninstalled and just needed to be removed from the list.  Here is the TDSSKiller log:

 

Again, thanks!!

 

 

11:47:12.0230 0x14ac  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:47:21.0885 0x14ac  ============================================================
11:47:21.0885 0x14ac  Current date / time: 2015/03/26 11:47:21.0885
11:47:21.0885 0x14ac  SystemInfo:
11:47:21.0885 0x14ac  
11:47:21.0885 0x14ac  OS Version: 6.1.7601 ServicePack: 1.0
11:47:21.0885 0x14ac  Product type: Workstation
11:47:21.0886 0x14ac  ComputerName: DWAYNE-PC
11:47:21.0886 0x14ac  UserName: DWAYNE
11:47:21.0886 0x14ac  Windows directory: C:\Windows
11:47:21.0886 0x14ac  System windows directory: C:\Windows
11:47:21.0887 0x14ac  Running under WOW64
11:47:21.0887 0x14ac  Processor architecture: Intel x64
11:47:21.0887 0x14ac  Number of processors: 4
11:47:21.0887 0x14ac  Page size: 0x1000
11:47:21.0887 0x14ac  Boot type: Normal boot
11:47:21.0887 0x14ac  ============================================================
11:47:24.0126 0x14ac  KLMD registered as C:\Windows\system32\drivers\22816996.sys
11:47:24.0602 0x14ac  System UUID: {D2B169B4-C49B-72D2-2581-9A76CCECA9C1}
11:47:25.0309 0x14ac  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:47:25.0334 0x14ac  ============================================================
11:47:25.0334 0x14ac  \Device\Harddisk0\DR0:
11:47:25.0334 0x14ac  MBR partitions:
11:47:25.0334 0x14ac  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x15C3000
11:47:25.0334 0x14ac  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15D7000, BlocksNum 0x7312F000
11:47:25.0334 0x14ac  ============================================================
11:47:25.0349 0x14ac  C: <-> \Device\Harddisk0\DR0\Partition2
11:47:25.0349 0x14ac  ============================================================
11:47:25.0349 0x14ac  Initialize success
11:47:25.0349 0x14ac  ============================================================
11:48:04.0058 0x065c  ============================================================
11:48:04.0058 0x065c  Scan started
11:48:04.0058 0x065c  Mode: Manual; SigCheck; TDLFS; 
11:48:04.0058 0x065c  ============================================================
11:48:04.0058 0x065c  KSN ping started
11:48:04.0092 0x065c  KSN ping finished: false
11:48:11.0137 0x065c  ================ Scan system memory ========================
11:48:11.0137 0x065c  System memory - ok
11:48:11.0138 0x065c  ================ Scan services =============================
11:48:14.0267 0x065c  BAPIDRV - ok
11:48:14.0324 0x065c  [ 01A24B415926BB5F772DBE12459D97DE, 1FA2EEF283025D788051E6145DAEF26CB481F87F641156FC4D89B8DEE4B244A5 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
11:48:14.0366 0x065c  BBSvc - ok
11:48:14.0452 0x065c  [ 785DE7ABDA13309D6065305542829E76, 78F49A5349B66042836615EF99B4EB70FA708369D315D105513C04F33070D297 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:48:14.0495 0x065c  BBUpdate - ok
11:48:14.0514 0x065c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:48:14.0538 0x065c  BDESVC - ok
11:48:14.0546 0x065c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:48:14.0629 0x065c  Beep - ok
11:48:14.0700 0x065c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
11:48:14.0736 0x065c  BFE - ok
11:48:14.0814 0x065c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
11:48:14.0876 0x065c  BITS - ok
11:48:14.0884 0x065c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:48:14.0905 0x065c  blbdrive - ok
11:48:14.0986 0x065c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:48:15.0016 0x065c  Bonjour Service - ok
11:48:15.0037 0x065c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:48:15.0058 0x065c  bowser - ok
11:48:15.0076 0x065c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:48:15.0101 0x065c  BrFiltLo - ok
11:48:15.0109 0x065c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:48:15.0132 0x065c  BrFiltUp - ok
11:48:15.0187 0x065c  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
11:48:15.0241 0x065c  BridgeMP - ok
11:48:15.0296 0x065c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
11:48:15.0338 0x065c  Browser - ok
11:48:15.0358 0x065c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:48:15.0385 0x065c  Brserid - ok
11:48:15.0398 0x065c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:48:15.0422 0x065c  BrSerWdm - ok
11:48:15.0431 0x065c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:48:15.0455 0x065c  BrUsbMdm - ok
11:48:15.0458 0x065c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:48:15.0479 0x065c  BrUsbSer - ok
11:48:15.0487 0x065c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:48:15.0512 0x065c  BTHMODEM - ok
11:48:15.0532 0x065c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
11:48:15.0576 0x065c  bthserv - ok
11:48:15.0753 0x065c  [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
11:48:15.0797 0x065c  c2cautoupdatesvc - ok
11:48:15.0909 0x065c  [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
11:48:15.0961 0x065c  c2cpnrsvc - ok
11:48:15.0963 0x065c  catchme - ok
11:48:15.0979 0x065c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:48:16.0022 0x065c  cdfs - ok
11:48:16.0082 0x065c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:48:16.0121 0x065c  cdrom - ok
11:48:16.0158 0x065c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:48:16.0203 0x065c  CertPropSvc - ok
11:48:16.0232 0x065c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:48:16.0257 0x065c  circlass - ok
11:48:16.0279 0x065c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
11:48:16.0302 0x065c  CLFS - ok
11:48:16.0359 0x065c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:48:16.0376 0x065c  clr_optimization_v2.0.50727_32 - ok
11:48:16.0425 0x065c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:48:16.0450 0x065c  clr_optimization_v2.0.50727_64 - ok
11:48:16.0562 0x065c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:48:16.0598 0x065c  clr_optimization_v4.0.30319_32 - ok
11:48:16.0666 0x065c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:48:16.0693 0x065c  clr_optimization_v4.0.30319_64 - ok
11:48:16.0748 0x065c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:48:16.0797 0x065c  CmBatt - ok
11:48:16.0844 0x065c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:48:16.0884 0x065c  cmdide - ok
11:48:16.0945 0x065c  [ 43338F791330F585B4C71FFBCC635FA3, 121247BE70CD9ECBB2841A5FE2143E74C6613E7539A20B4E38758123EEFF93CB ] cmwf            C:\Windows\system32\Drivers\cmwf.sys
11:48:16.0946 0x065c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cmwf.sys. md5: 43338F791330F585B4C71FFBCC635FA3, sha256: 121247BE70CD9ECBB2841A5FE2143E74C6613E7539A20B4E38758123EEFF93CB
11:48:16.0947 0x065c  cmwf - detected LockedFile.Multi.Generic ( 1 )
11:48:17.0027 0x065c  cmwf ( LockedFile.Multi.Generic ) - warning
11:48:17.0027 0x065c  Force sending object to P2P due to detect: cmwf
11:48:17.0080 0x065c  Object send P2P result: false
11:48:17.0150 0x065c  [ 66B3F13448EF456B70ED715F454A3037, A28780607053A0F9599A8DA536DD16E984CD238680A97939F1A7882E26472EF5 ] cmwr            C:\Windows\system32\Drivers\cmwr.sys
11:48:17.0151 0x065c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cmwr.sys. md5: 66B3F13448EF456B70ED715F454A3037, sha256: A28780607053A0F9599A8DA536DD16E984CD238680A97939F1A7882E26472EF5
11:48:17.0152 0x065c  cmwr - detected LockedFile.Multi.Generic ( 1 )
11:48:17.0152 0x065c  cmwr ( LockedFile.Multi.Generic ) - warning
11:48:17.0152 0x065c  Force sending object to P2P due to detect: cmwr
11:48:17.0154 0x065c  Object send P2P result: false
11:48:17.0322 0x065c  ColorMedia - ok
11:48:18.0304 0x065c  [ 0840ABBBDF438691EE65A20040635CBE, F83597ECECFADBA45242B683A19A01ADF84203B016301B64530C7BE8234175E8 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
11:48:18.0328 0x065c  DockLoginService - detected UnsignedFile.Multi.Generic ( 1 )
11:48:18.0328 0x065c  DockLoginService ( UnsignedFile.Multi.Generic ) - warning
11:48:18.0328 0x065c  Force sending object to P2P due to detect: DockLoginService
11:48:18.0329 0x065c  Object send P2P result: false
11:48:26.0371 0x065c  LSI_SCSI - ok
11:48:26.0430 0x065c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
11:48:26.0471 0x065c  luafv - ok
11:48:26.0499 0x065c  LVPr2M64 - ok
11:48:26.0547 0x065c  [ A401CFF74982D8DF851F20307C806073, 1D7BA90C9E77FAAE59F60AB5310EC41D9C5B98F1F9A89A3CDB9169E6DEF565DA ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
11:48:26.0583 0x065c  LVRS64 - ok
11:48:26.0695 0x065c  [ 13384CB5F5813E65F31078D6ABFAAF38, A6E7374C15CAECC273197BF62F8F926BA30E9509270A8470756F4710E1DEA126 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
11:48:26.0804 0x065c  LVUVC64 - ok
11:48:26.0855 0x065c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:48:26.0892 0x065c  Mcx2Svc - ok
11:48:26.0902 0x065c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:48:26.0919 0x065c  megasas - ok
11:48:26.0939 0x065c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:48:26.0961 0x065c  MegaSR - ok
11:48:26.0973 0x065c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
11:48:27.0014 0x065c  MMCSS - ok
11:48:27.0022 0x065c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
11:48:27.0061 0x065c  Modem - ok
11:48:27.0082 0x065c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:48:27.0104 0x065c  monitor - ok
11:48:27.0108 0x065c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:48:27.0125 0x065c  mouclass - ok
11:48:27.0170 0x065c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:48:27.0192 0x065c  mouhid - ok
11:48:27.0233 0x065c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:48:27.0253 0x065c  mountmgr - ok
11:48:27.0286 0x065c  [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:48:27.0305 0x065c  MozillaMaintenance - ok
11:48:27.0381 0x065c  [ FBA4CDA6B3B00D7A116DCC2B5C7E9790, FE909159323290555971F031E7911DCCD035B873E630A230A660C13D57719206 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
11:48:27.0409 0x065c  MpFilter - ok
11:48:27.0421 0x065c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:48:27.0439 0x065c  mpio - ok
11:48:27.0456 0x065c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:48:27.0497 0x065c  mpsdrv - ok
11:48:27.0573 0x065c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:48:27.0631 0x065c  MpsSvc - ok
11:48:27.0679 0x065c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:48:27.0719 0x065c  MRxDAV - ok
11:48:27.0745 0x065c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:48:27.0767 0x065c  mrxsmb - ok
11:48:27.0794 0x065c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:48:27.0819 0x065c  mrxsmb10 - ok
11:48:27.0840 0x065c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:48:27.0862 0x065c  mrxsmb20 - ok
11:48:27.0911 0x065c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:48:27.0938 0x065c  msahci - ok
11:48:27.0993 0x065c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:48:28.0027 0x065c  msdsm - ok
11:48:28.0038 0x065c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
11:48:28.0062 0x065c  MSDTC - ok
11:48:28.0068 0x065c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:48:28.0108 0x065c  Msfs - ok
11:48:28.0118 0x065c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:48:28.0157 0x065c  mshidkmdf - ok
11:48:28.0205 0x065c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:48:28.0235 0x065c  msisadrv - ok
11:48:28.0293 0x065c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:48:28.0352 0x065c  MSiSCSI - ok
11:48:28.0355 0x065c  msiserver - ok
11:48:28.0407 0x065c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:48:28.0465 0x065c  MSKSSRV - ok
11:48:28.0545 0x065c  [ F46BA4E7F4A34295B20917CD77F6CEC9, 1A91AC1AC1FBFC6922D0430D752240A91C9001373B1F84F960FDE0AC062A411A ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:48:28.0586 0x065c  MsMpSvc - ok
11:48:28.0631 0x065c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:48:28.0699 0x065c  MSPCLOCK - ok
11:48:28.0705 0x065c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:48:28.0745 0x065c  MSPQM - ok
11:48:28.0808 0x065c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:48:28.0844 0x065c  MsRPC - ok
11:48:28.0889 0x065c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:48:28.0923 0x065c  mssmbios - ok
11:48:28.0937 0x065c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:48:28.0977 0x065c  MSTEE - ok
11:48:28.0985 0x065c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:48:29.0005 0x065c  MTConfig - ok
11:48:29.0013 0x065c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
11:48:29.0030 0x065c  Mup - ok
11:48:29.0101 0x065c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
11:48:29.0165 0x065c  napagent - ok
11:48:29.0233 0x065c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:48:29.0273 0x065c  NativeWifiP - ok
11:48:29.0344 0x065c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:48:29.0380 0x065c  NDIS - ok
11:48:29.0438 0x065c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:48:29.0489 0x065c  NdisCap - ok
11:48:29.0536 0x065c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:48:29.0597 0x065c  NdisTapi - ok
11:48:29.0655 0x065c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:48:29.0714 0x065c  Ndisuio - ok
11:48:29.0768 0x065c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:48:29.0823 0x065c  NdisWan - ok
11:48:29.0872 0x065c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:48:29.0934 0x065c  NDProxy - ok
11:48:30.0007 0x065c  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:48:30.0025 0x065c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
11:48:30.0025 0x065c  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:48:33.0151 0x065c  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:48:33.0170 0x065c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
11:48:33.0170 0x065c  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:48:37.0909 0x065c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:48:37.0927 0x065c  SiSRaid4 - ok
11:48:37.0999 0x065c  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:48:38.0028 0x065c  SkypeUpdate - ok
11:48:38.0079 0x065c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:48:38.0131 0x065c  Smb - ok
11:48:38.0193 0x065c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:48:38.0245 0x065c  SNMPTRAP - ok
11:48:38.0252 0x065c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:48:38.0269 0x065c  spldr - ok
11:48:38.0345 0x065c  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
11:48:38.0410 0x065c  Spooler - ok
11:48:38.0550 0x065c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
11:48:38.0671 0x065c  sppsvc - ok
11:48:38.0687 0x065c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:48:38.0728 0x065c  sppuinotify - ok
11:48:38.0759 0x065c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:48:38.0789 0x065c  srv - ok
11:48:38.0816 0x065c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:48:38.0844 0x065c  srv2 - ok
11:48:38.0854 0x065c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:48:38.0877 0x065c  srvnet - ok
11:48:38.0886 0x065c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:48:38.0931 0x065c  SSDPSRV - ok
11:48:38.0943 0x065c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:48:38.0985 0x065c  SstpSvc - ok
11:48:38.0989 0x065c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:48:39.0005 0x065c  stexstor - ok
11:48:39.0075 0x065c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
11:48:39.0122 0x065c  stisvc - ok
11:48:39.0133 0x065c  [ 7731F46EC0D687A931CBA063E8F90EF0, 5CF996A209756B901316C4406C7D3E52ECC9C15A1BDB0D4D9C77846AB29FD040 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
11:48:39.0149 0x065c  stllssvr - ok
11:48:39.0217 0x065c  [ AAD2B2911B11BACC7493B280EAA9CB53, C82B615F59CFE1910633218F7C5DF9BA5A64D407B3FC573CF6267B15A3DBA44D ] SWDUMon         C:\Windows\system32\DRIVERS\SWDUMon.sys
11:48:39.0246 0x065c  SWDUMon - ok
11:48:39.0295 0x065c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:48:39.0330 0x065c  swenum - ok
11:48:39.0351 0x065c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
11:48:39.0404 0x065c  swprv - ok
11:48:39.0521 0x065c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
11:48:39.0587 0x065c  SysMain - ok
11:48:39.0638 0x065c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:48:39.0677 0x065c  TabletInputService - ok
11:48:39.0733 0x065c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:48:39.0788 0x065c  TapiSrv - ok
11:48:39.0798 0x065c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
11:48:39.0840 0x065c  TBS - ok
11:48:39.0943 0x065c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:48:39.0995 0x065c  Tcpip - ok
11:48:40.0096 0x065c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:48:40.0149 0x065c  TCPIP6 - ok
11:48:40.0160 0x065c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:48:40.0180 0x065c  tcpipreg - ok
11:48:40.0188 0x065c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:48:40.0209 0x065c  TDPIPE - ok
11:48:40.0218 0x065c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:48:40.0238 0x065c  TDTCP - ok
11:48:40.0287 0x065c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:48:40.0346 0x065c  tdx - ok
11:48:40.0356 0x065c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:48:40.0373 0x065c  TermDD - ok
11:48:40.0447 0x065c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
11:48:40.0491 0x065c  TermService - ok
11:48:40.0502 0x065c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
11:48:40.0526 0x065c  Themes - ok
11:48:40.0538 0x065c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
11:48:40.0582 0x065c  THREADORDER - ok
11:48:40.0650 0x065c  [ 36E1383019695CB722E685083C005FDD, 8F1A5529D1841D847143679F1728654A05D11FC3EC9229F4163C1648AB04B6F8 ] TotRec8         C:\Windows\system32\drivers\TotRec8.sys
11:48:40.0685 0x065c  TotRec8 - ok
11:48:40.0701 0x065c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
11:48:40.0752 0x065c  TrkWks - ok
11:48:40.0835 0x065c  [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight       C:\WINDOWS\System32\drivers\TrueSight.sys
11:48:40.0867 0x065c  TrueSight - ok
11:48:40.0940 0x065c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:48:40.0987 0x065c  TrustedInstaller - ok
11:48:40.0994 0x065c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:48:41.0015 0x065c  tssecsrv - ok
11:48:41.0072 0x065c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:48:41.0108 0x065c  TsUsbFlt - ok
11:48:41.0172 0x065c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:48:41.0224 0x065c  tunnel - ok
11:48:41.0239 0x065c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:48:41.0257 0x065c  uagp35 - ok
11:48:41.0322 0x065c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:48:41.0379 0x065c  udfs - ok
11:48:41.0387 0x065c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:48:41.0410 0x065c  UI0Detect - ok
11:48:41.0421 0x065c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:48:41.0439 0x065c  uliagpkx - ok
11:48:41.0495 0x065c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
11:48:41.0529 0x065c  umbus - ok
11:48:41.0539 0x065c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:48:41.0563 0x065c  UmPass - ok
11:48:41.0580 0x065c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
11:48:41.0631 0x065c  upnphost - ok
11:48:41.0687 0x065c  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
11:48:41.0715 0x065c  USBAAPL64 - ok
11:48:41.0781 0x065c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:48:41.0824 0x065c  usbaudio - ok
11:48:41.0837 0x065c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:48:41.0860 0x065c  usbccgp - ok
11:48:41.0871 0x065c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:48:41.0893 0x065c  usbcir - ok
11:48:41.0903 0x065c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:48:41.0925 0x065c  usbehci - ok
11:48:41.0940 0x065c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:48:41.0968 0x065c  usbhub - ok
11:48:41.0974 0x065c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:48:41.0995 0x065c  usbohci - ok
11:48:42.0052 0x065c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:48:42.0097 0x065c  usbprint - ok
11:48:42.0103 0x065c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:48:42.0124 0x065c  usbscan - ok
11:48:42.0142 0x065c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:48:42.0164 0x065c  USBSTOR - ok
11:48:42.0186 0x065c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:48:42.0208 0x065c  usbuhci - ok
11:48:42.0220 0x065c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:48:42.0244 0x065c  usbvideo - ok
11:48:42.0254 0x065c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
11:48:42.0296 0x065c  UxSms - ok
11:48:42.0309 0x065c  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc        C:\Windows\system32\lsass.exe
11:48:42.0329 0x065c  VaultSvc - ok
11:48:42.0343 0x065c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:48:42.0360 0x065c  vdrvroot - ok
11:48:42.0426 0x065c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
11:48:42.0484 0x065c  vds - ok
11:48:42.0497 0x065c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:48:42.0520 0x065c  vga - ok
11:48:42.0527 0x065c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:48:42.0568 0x065c  VgaSave - ok
11:48:42.0721 0x065c  [ DDB05F2A65B22C10382127D9352853AA, 8DC159737A3617E5495CB9399731AB8AF7734B2D1776F23AF1AE2518896BCA38 ] VhdAttach       C:\Program Files\Josip Medved\VHD Attach\VhdAttachService.exe
11:48:42.0764 0x065c  VhdAttach - ok
11:48:42.0819 0x065c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:48:42.0851 0x065c  vhdmp - ok
11:48:42.0858 0x065c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:48:42.0875 0x065c  viaide - ok
11:48:42.0883 0x065c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:48:42.0900 0x065c  volmgr - ok
11:48:42.0964 0x065c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:48:43.0001 0x065c  volmgrx - ok
11:48:43.0026 0x065c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:48:43.0047 0x065c  volsnap - ok
11:48:43.0099 0x065c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:48:43.0125 0x065c  vsmraid - ok
11:48:43.0215 0x065c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
11:48:43.0292 0x065c  VSS - ok
11:48:43.0306 0x065c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:48:43.0330 0x065c  vwifibus - ok
11:48:43.0391 0x065c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
11:48:43.0452 0x065c  W32Time - ok
11:48:43.0460 0x065c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:48:43.0481 0x065c  WacomPen - ok
11:48:43.0534 0x065c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:48:43.0591 0x065c  WANARP - ok
11:48:43.0614 0x065c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:48:43.0674 0x065c  Wanarpv6 - ok
11:48:43.0804 0x065c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:48:43.0844 0x065c  WatAdminSvc - ok
11:48:43.0949 0x065c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
11:48:44.0005 0x065c  wbengine - ok
11:48:44.0068 0x065c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:48:44.0114 0x065c  WbioSrvc - ok
11:48:44.0180 0x065c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:48:44.0217 0x065c  wcncsvc - ok
11:48:44.0229 0x065c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:48:44.0250 0x065c  WcsPlugInService - ok
11:48:44.0254 0x065c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:48:44.0270 0x065c  Wd - ok
11:48:44.0326 0x065c  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
11:48:44.0370 0x065c  WDC_SAM - ok
11:48:44.0477 0x065c  [ E6050FE6B60FA91188B8ABDB5B1E339F, B38596C5F2C1FC8EB961ED5E6BEFE3CC3A85900AC41286676CEF8D9D55AB3606 ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
11:48:44.0498 0x065c  WDDMService - detected UnsignedFile.Multi.Generic ( 1 )
11:48:44.0498 0x065c  WDDMService ( UnsignedFile.Multi.Generic ) - warning
11:48:44.0498 0x065c  Force sending object to P2P due to detect: WDDMService
11:48:44.0500 0x065c  Object send P2P result: false
11:48:46.0758 0x065c  ================ Scan global ===============================
11:48:46.0772 0x065c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
11:48:46.0784 0x065c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:48:46.0801 0x065c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:48:46.0815 0x065c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:48:46.0836 0x065c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
11:48:46.0842 0x065c  [ Global ] - ok
11:48:46.0842 0x065c  ================ Scan MBR ==================================
11:48:46.0865 0x065c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:48:47.0297 0x065c  \Device\Harddisk0\DR0 - ok
11:48:47.0297 0x065c  ================ Scan VBR ==================================
11:48:47.0300 0x065c  [ DA3A3432F0BCADEA33B6C014FDF15359 ] \Device\Harddisk0\DR0\Partition1
11:48:47.0326 0x065c  \Device\Harddisk0\DR0\Partition1 - ok
11:48:47.0331 0x065c  [ 236B91E2B5457CF7C2856FBA4D2BC971 ] \Device\Harddisk0\DR0\Partition2
11:48:47.0361 0x065c  \Device\Harddisk0\DR0\Partition2 - ok
11:48:47.0362 0x065c  ================ Scan generic autorun ======================
11:48:48.0822 0x065c  [ 28055897B47B1057820139770C8018E9, 5C199B29D3947229850CFC09FEDFA20ED4B5176F1EEE3C78A6DE094AF6F582B1 ] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
11:48:48.0859 0x065c  TWC.Win7 - detected UnsignedFile.Multi.Generic ( 1 )
11:48:48.0859 0x065c  TWC.Win7 ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0859 0x065c  Force sending object to P2P due to detect: C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
11:48:48.0861 0x065c  Object send P2P result: false
11:48:49.0296 0x065c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
11:48:49.0312 0x065c  Win FW state via NFP2: enabled
11:48:49.0313 0x065c  ============================================================
11:48:49.0313 0x065c  Scan finished
11:48:49.0313 0x065c  ============================================================
11:48:49.0318 0x1668  Detected object count: 7
11:48:49.0318 0x1668  Actual detected object count: 7
11:49:37.0092 0x1668  cmwf ( LockedFile.Multi.Generic ) - skipped by user
11:49:37.0092 0x1668  cmwf ( LockedFile.Multi.Generic ) - User select action: Skip 
11:49:37.0093 0x1668  cmwr ( LockedFile.Multi.Generic ) - skipped by user
11:49:37.0093 0x1668  cmwr ( LockedFile.Multi.Generic ) - User select action: Skip 
11:49:37.0094 0x1668  DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:37.0094 0x1668  DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:37.0096 0x1668  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:37.0096 0x1668  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:37.0097 0x1668  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:37.0097 0x1668  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:37.0099 0x1668  WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:37.0099 0x1668  WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:49:37.0101 0x1668  TWC.Win7 ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:37.0101 0x1668  TWC.Win7 ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 26 March 2015 - 11:58 AM

Step 1

Start TDSSKiller.exe again with administrator privileges.
  • Set the parameters like in the first scan and click on Start scan.
  • This time select for the "threats"
     
    cmwf ( LockedFile.Multi.Generic ) 
    cmwr ( LockedFile.Multi.Generic )
     
    (and only for that!) the option Cure (or Delete).
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.
After Reboot:

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Edited by deeprybka, 26 March 2015 - 11:59 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 hunters123

hunters123
  • Topic Starter

  • Members
  • 17 posts

Posted 26 March 2015 - 12:09 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by DWAYNE (administrator) on DWAYNE-PC on 26-03-2015 12:07:15
Running from C:\Users\DWAYNE\Desktop\cleaner
Loaded Profiles: DWAYNE (Available profiles: DWAYNE & BEQ)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Josip Medved) C:\Program Files\Josip Medved\VHD Attach\VhdAttachService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Run: [GoogleChromeAutoLaunch_92BF795A6B17D84362A93E38C78E6BE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48128 2015-02-24] ()
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\BEQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
SearchScopes: HKLM -> {056DE163-7825-4BC9-B9D2-52E0C9B53008} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {E417590F-C8FC-4854-971A-5F83A53F3AB9} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-25] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-25] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-25] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [332608] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378544] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378544] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378544] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378544] ()
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [378544] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Binkiland
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-13] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-04-19] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-13]
FF Extension: GMarks - C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309\Extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.xpi [2015-02-14]
FF Extension: Video DownloadHelper - C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]
FF HKLM-x32\...\Firefox\Extensions: [flvto@hotger.com] - C:\Users\DWAYNE\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi
FF Extension: No Name - C:\Users\DWAYNE\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-03]
FF HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Firefox\Extensions: [flvto@hotger.com] - C:\Users\DWAYNE\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi
FF HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.bing.com/?pc=conduit&ptag=A477141CA2B3149FD85F&form=CONORG&conlogo=CT3210127&ShowAppsUI=1
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=conduit&ptag=A477141CA2B3149FD85F&form=CONORG&conlogo=CT3210127&ShowAppsUI=1", "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF0B9CFC8-4CE0-4141-BD99-27BD2C6817D5&SSPV=", "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP315F9736-9912-4011-989F-B057C0464C99&SSPV=", "hxxp://www.trovi.com/?gd=&ctid=CT3329908&octid=EB_ORIGINAL_CTID&ISID=M584F4F5C-AE4B-4531-A166-16836D8B99F5&SearchSource=55&CUI=&UM=2&UP=SPC13FF20F-CFA7-4934-AC6B-91E5AEAD455B&SSPV=", "hxxp://binkiland.com/?f=7&a=bnk_dwndlm_15_07&cd=2XzuyEtN2Y1L1QzuyBzztB0B0C0BzytBtB0CtCtCtD0C0AyEtN0D0Tzu0StCtCtBzztN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2StBzyzyyEyBtB0F0DtG0CyCyEtCtG0FyByCtCtGyCzztAtBtGtDzy0CyByE0AyC0ByE0DyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyBtDyD0CzzyDtGyD0E0DtBtGyEyE0F0AtG0AtAyEyCtG0B0B0DyD0C0B0C0C0F0CtBtB2Q&cr=967283735&ir="
CHR DefaultSearchKeyword: Default -> search.conduit.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll No File
CHR Profile: C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (YouTube) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10]
CHR Extension: (Adblock Plus) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-14]
CHR Extension: (Google Search) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-10]
CHR Extension: (Google Wallet) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 VhdAttach; C:\Program Files\Josip Medved\VHD Attach\VhdAttachService.exe [276936 2014-04-07] (Josip Medved)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2013-08-04] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-08-04] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-08-04] (Kaspersky Lab)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-13] ()
S3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [124176 2012-11-30] (High Criteria inc.)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [35064 2015-02-10] ()
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 11:28 - 2015-03-26 12:07 - 00000000 ____D () C:\FRST
2015-03-26 09:11 - 2015-03-26 09:11 - 00029056 _____ () C:\ComboFix.txt
2015-03-25 20:50 - 2015-03-26 12:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-25 10:44 - 2015-03-26 12:07 - 00000000 ____D () C:\Users\DWAYNE\Desktop\cleaner
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 __SHD () C:\Users\BEQ\AppData\Local\EmieUserList
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 __SHD () C:\Users\BEQ\AppData\Local\EmieSiteList
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 __SHD () C:\Users\BEQ\AppData\Local\EmieBrowserModeList
2015-03-08 21:27 - 2015-03-22 17:18 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\Shauna & Baby Amaka 3.7.2015
2015-03-06 01:43 - 2015-03-06 01:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-04 14:22 - 2015-03-09 00:22 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Jalanei
2015-02-28 05:43 - 2015-02-28 05:48 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Sharknado 2 The Second One (2014) [1080p]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 12:06 - 2009-07-14 00:10 - 01459004 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 12:04 - 2011-04-07 23:02 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-26 12:04 - 2010-11-13 00:09 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-03-26 12:03 - 2015-02-13 20:31 - 00004079 _____ () C:\Windows\setupact.log
2015-03-26 12:03 - 2009-07-14 00:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 12:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 11:25 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 11:09 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 11:09 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 11:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-26 09:39 - 2011-04-07 23:16 - 00000000 ____D () C:\ProgramData\Sonic
2015-03-26 09:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-26 09:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-03-26 09:18 - 2015-02-10 18:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 09:11 - 2013-11-27 17:46 - 00000000 ____D () C:\Qoobox
2015-03-26 09:06 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-26 09:04 - 2015-02-14 10:28 - 00455116 _____ () C:\Windows\PFRO.log
2015-03-25 21:00 - 2013-11-11 21:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-25 09:59 - 2010-11-13 00:09 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\Apps\2.0
2015-03-25 00:13 - 2013-12-30 23:49 - 00000000 ____D () C:\Program Files (x86)\Alien Stars
2015-03-24 10:05 - 2014-10-22 07:19 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\CrashDumps
2015-03-22 23:00 - 2013-11-12 20:56 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\uTorrent
2015-03-22 20:45 - 2014-02-02 02:21 - 00000000 ____D () C:\Users\DWAYNE\Documents\Outlook Files
2015-03-22 20:44 - 2014-02-02 02:25 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\57545CD5-18A5-4F8C-934F-9B82A1B2AE5F.aplzod
2015-03-22 17:15 - 2014-11-16 16:42 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Old Skool Family!
2015-03-22 17:10 - 2015-02-14 03:07 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\Flvto Youtube Downloader
2015-03-22 16:58 - 2010-11-13 00:04 - 00000000 ____D () C:\Users\DWAYNE
2015-03-22 15:56 - 2015-01-31 21:08 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\Herman High's Going Home Celebration 1.28.2015
2015-03-22 15:56 - 2015-01-27 01:00 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Unbroken.2014.DVDSCR.XviD.AC3-EVO
2015-03-22 15:56 - 2014-11-16 01:22 - 00000000 ____D () C:\Users\DWAYNE\Downloads\The.Last.Exorcism.Part.II.2013.UNRATED.BRRip.XviD-3LT0N
2015-03-22 15:56 - 2014-11-15 20:42 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Kill Them Softly (2012) [1080p]
2015-03-22 15:56 - 2014-01-28 12:31 - 00000000 ____D () C:\Users\BEQ
2015-03-22 15:56 - 2014-01-17 20:51 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Captain Phillips (2013) DVDRip XviD-MAXSPEED
2015-03-22 15:56 - 2013-12-19 02:08 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Elysium 2013 1080p BRRip x264 AC3-JYK
2015-03-22 15:56 - 2013-12-19 02:05 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Elysium 2013 720p BRRIP  x264 AAC KiNGDOM
2015-03-22 15:56 - 2013-11-15 02:11 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Trash
2015-03-22 15:56 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-22 15:55 - 2014-01-18 17:51 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\Audacity
2015-03-22 15:55 - 2013-12-06 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-22 15:55 - 2013-11-21 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
2015-03-22 15:55 - 2013-11-20 16:38 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2015-03-22 15:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-22 15:53 - 2014-01-28 12:55 - 00000000 ____D () C:\Users\BEQ\AppData\Local\Google
2015-03-22 15:53 - 2013-11-20 15:40 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\Skype
2015-03-22 12:42 - 2014-10-14 01:12 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Jessica
2015-03-21 18:09 - 2014-10-22 20:52 - 00000000 ____D () C:\Users\DWAYNE\Desktop\folder
2015-03-11 02:10 - 2014-08-17 01:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 17:09 - 2013-11-14 21:33 - 00000000 ____D () C:\Users\DWAYNE\dwhelper
2015-03-10 12:30 - 2014-08-08 17:05 - 00000000 ____D () C:\Users\DWAYNE\Desktop\E-FAM Meeting 8.1.2014
2015-03-07 20:32 - 2015-02-16 02:11 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F02EF1C-EE84-4DB7-B84B-8E51D07EB1ED}
2015-03-07 20:24 - 2015-02-10 10:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 13:52 - 2013-12-16 06:01 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\iLivid
2015-03-05 01:09 - 2014-05-01 23:29 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\JESS
2015-03-04 21:40 - 2013-11-13 06:12 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\vlc
2015-03-04 18:07 - 2013-12-04 01:32 - 00037344 _____ () C:\Windows\system32\lvcoinst.log
2015-03-04 17:54 - 2013-11-21 02:11 - 00001859 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2015-03-04 17:53 - 2013-11-21 02:11 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2015-03-03 08:17 - 2014-08-19 13:39 - 00295552 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-26 01:27 - 2013-11-11 20:35 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\Print Screens
2015-02-24 16:37 - 2014-11-14 02:50 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\DAA
2015-02-24 16:23 - 2014-08-07 13:03 - 00000000 ____D () C:\Users\DWAYNE\Desktop\New
2015-02-24 06:51 - 2014-11-17 13:16 - 00000000 ____D () C:\Users\DWAYNE\Desktop\vault
 
==================== Files in the root of some directories =======
 
2013-12-29 00:09 - 2013-12-29 00:09 - 0024222 _____ () C:\Users\DWAYNE\AppData\Roaming\UserTile.png
2013-12-19 01:56 - 2015-01-12 02:07 - 0000189 _____ () C:\Users\DWAYNE\AppData\Roaming\WB.CFG
2015-02-03 03:35 - 2015-02-03 03:35 - 0000088 _____ () C:\Users\DWAYNE\AppData\Local\35cae5923814e470c74d7ab1f2195f82
2013-12-13 21:35 - 2015-02-20 14:52 - 0014336 _____ () C:\Users\DWAYNE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 01:07 - 2015-01-10 01:07 - 0000010 _____ () C:\Users\DWAYNE\AppData\Local\DSI.DAT
2014-01-14 03:39 - 2014-01-14 03:39 - 0007597 _____ () C:\Users\DWAYNE\AppData\Local\Resmon.ResmonCfg
2014-05-13 23:42 - 2014-09-09 22:52 - 0000630 _____ () C:\ProgramData\DEFRAG_HISTORY.xml
2013-11-17 12:54 - 2013-11-17 20:25 - 0001127 _____ () C:\ProgramData\hpzinstall.log
2014-10-27 15:17 - 2014-10-27 15:18 - 0039606 _____ () C:\ProgramData\SMRResults430.dat
2014-05-15 19:29 - 2014-07-18 00:17 - 0000455 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
 
Files to move or delete:
====================
C:\ProgramData\SMRResults430.dat
 
 
Some content of TEMP:
====================
C:\Users\DWAYNE\AppData\Local\Temp\{791A7818-5FE1-478E-8479-2CEFE9C6DAAC}.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\avchv.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-16 11:06
 
==================== End Of Log ============================


#13 deeprybka

  • Malware Response Team

Posted 26 March 2015 - 12:31 PM

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    C:\Windows\system32\ColorMedia64.dll 
    C:\Windows\SysWOW64\ColorMedia.dll 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF SelectedSearchEngine: Binkiland
    CHR HomePage: Default -> 
    CHR StartupUrls: Default -> 
    CHR DefaultSearchKeyword: Default -> 
    CHR DefaultSearchURL: Default -> 
    CHR DefaultSuggestURL: Default -> 
    S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]
    C:\ProgramData\PicColor Utility
    cmd: C:\ComboFix.txt
    Task: {38CD071B-E006-4A56-A915-D9FB155573F9} - \WSE_Vosteran No Task File <==== ATTENTION
    Task: {6D779BE4-3448-40D0-A1D4-A1AFE85C17A3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2005116030-2370162056-1101638710-1000UA => C:\Users\DWAYNE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-12] (Facebook Inc.)
    Task: {B420B954-4D64-44F3-AADA-27C80122DB38} - \LuckyTab No Task File <==== ATTENTION
    Task: {CA8DAC1D-0A72-40C5-B905-285E879C982C} - System32\Tasks\OTRIG => C:\ProgramData\e1b027fcd3704bff937400ada3efac5d\e1b027fcd3704bff937400ada3efac5d.exe
    C:\ProgramData\e1b027fcd3704bff937400ada3efac5d\
    Task: {FA43CD3E-94B7-49F7-AE0E-900719CADF0B} - System32\Tasks\UpdaterEX => C:\Users\DWAYNE\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE 
    C:\Users\DWAYNE\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE 
    AlternateDataStreams: C:\ProgramData\TEMP:08993BCD
    AlternateDataStreams: C:\ProgramData\TEMP:1EE5EBCB
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:47408F84
    AlternateDataStreams: C:\ProgramData\TEMP:5D40B34A
    AlternateDataStreams: C:\ProgramData\TEMP:60723CC0
    AlternateDataStreams: C:\ProgramData\TEMP:6E897B76
    AlternateDataStreams: C:\ProgramData\TEMP:7A632F57
    AlternateDataStreams: C:\ProgramData\TEMP:8173A019
    AlternateDataStreams: C:\ProgramData\TEMP:838FECBF
    AlternateDataStreams: C:\ProgramData\TEMP:9812B773
    AlternateDataStreams: C:\ProgramData\TEMP:9BAC8B7A
    AlternateDataStreams: C:\ProgramData\TEMP:A18B7034
    AlternateDataStreams: C:\ProgramData\TEMP:ACCEFF0E
    AlternateDataStreams: C:\ProgramData\TEMP:B42826C8
    AlternateDataStreams: C:\ProgramData\TEMP:C09E92DA
    AlternateDataStreams: C:\ProgramData\TEMP:C48D4F24
    AlternateDataStreams: C:\ProgramData\TEMP:E2295807
    AlternateDataStreams: C:\Users\DWAYNE\Local Settings:init
    AlternateDataStreams: C:\Users\DWAYNE\Downloads\vhdattach390.exe:BDU
    AlternateDataStreams: C:\Users\DWAYNE\AppData\Local:init
    AlternateDataStreams: C:\Users\DWAYNE\AppData\Local\Application Data:init
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
    CreateRestorePoint:
    cmd: netsh winsock reset
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.

Step 2

After the Reboot:

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#14 hunters123

  • Topic Starter

Posted 26 March 2015 - 01:03 PM

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by DWAYNE at 2015-03-26 12:41:10 Run:1
Running from C:\Users\DWAYNE\Desktop\cleaner
Loaded Profiles: DWAYNE (Available profiles: DWAYNE & BEQ)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
C:\Windows\system32\ColorMedia64.dll 
C:\Windows\SysWOW64\ColorMedia.dll 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SelectedSearchEngine: Binkiland
CHR HomePage: Default -> 
CHR StartupUrls: Default -> 
CHR DefaultSearchKeyword: Default -> 
CHR DefaultSearchURL: Default -> 
CHR DefaultSuggestURL: Default -> 
S2 ColorMedia; C:\ProgramData\PicColor Utility\ColorMedia.exe [X]
C:\ProgramData\PicColor Utility
cmd: C:\ComboFix.txt
Task: {38CD071B-E006-4A56-A915-D9FB155573F9} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {6D779BE4-3448-40D0-A1D4-A1AFE85C17A3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2005116030-2370162056-1101638710-1000UA => C:\Users\DWAYNE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-12] (Facebook Inc.)
Task: {B420B954-4D64-44F3-AADA-27C80122DB38} - \LuckyTab No Task File <==== ATTENTION
Task: {CA8DAC1D-0A72-40C5-B905-285E879C982C} - System32\Tasks\OTRIG => C:\ProgramData\e1b027fcd3704bff937400ada3efac5d\e1b027fcd3704bff937400ada3efac5d.exe
C:\ProgramData\e1b027fcd3704bff937400ada3efac5d\
Task: {FA43CD3E-94B7-49F7-AE0E-900719CADF0B} - System32\Tasks\UpdaterEX => C:\Users\DWAYNE\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE 
C:\Users\DWAYNE\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE 
AlternateDataStreams: C:\ProgramData\TEMP:08993BCD
AlternateDataStreams: C:\ProgramData\TEMP:1EE5EBCB
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:47408F84
AlternateDataStreams: C:\ProgramData\TEMP:5D40B34A
AlternateDataStreams: C:\ProgramData\TEMP:60723CC0
AlternateDataStreams: C:\ProgramData\TEMP:6E897B76
AlternateDataStreams: C:\ProgramData\TEMP:7A632F57
AlternateDataStreams: C:\ProgramData\TEMP:8173A019
AlternateDataStreams: C:\ProgramData\TEMP:838FECBF
AlternateDataStreams: C:\ProgramData\TEMP:9812B773
AlternateDataStreams: C:\ProgramData\TEMP:9BAC8B7A
AlternateDataStreams: C:\ProgramData\TEMP:A18B7034
AlternateDataStreams: C:\ProgramData\TEMP:ACCEFF0E
AlternateDataStreams: C:\ProgramData\TEMP:B42826C8
AlternateDataStreams: C:\ProgramData\TEMP:C09E92DA
AlternateDataStreams: C:\ProgramData\TEMP:C48D4F24
AlternateDataStreams: C:\ProgramData\TEMP:E2295807
AlternateDataStreams: C:\Users\DWAYNE\Local Settings:init
AlternateDataStreams: C:\Users\DWAYNE\Downloads\vhdattach390.exe:BDU
AlternateDataStreams: C:\Users\DWAYNE\AppData\Local:init
AlternateDataStreams: C:\Users\DWAYNE\AppData\Local\Application Data:init
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
CreateRestorePoint:
cmd: netsh winsock reset
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Windows\system32\ColorMedia64.dll => Moved successfully.
C:\Windows\SysWOW64\ColorMedia.dll => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
ColorMedia => Service deleted successfully.
"C:\ProgramData\PicColor Utility" => File/Directory not found.
 
=========  C:\ComboFix.txt =========
 
 
========= End of CMD: =========
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38CD071B-E006-4A56-A915-D9FB155573F9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38CD071B-E006-4A56-A915-D9FB155573F9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D779BE4-3448-40D0-A1D4-A1AFE85C17A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D779BE4-3448-40D0-A1D4-A1AFE85C17A3}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2005116030-2370162056-1101638710-1000UA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2005116030-2370162056-1101638710-1000UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B420B954-4D64-44F3-AADA-27C80122DB38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B420B954-4D64-44F3-AADA-27C80122DB38}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA8DAC1D-0A72-40C5-B905-285E879C982C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA8DAC1D-0A72-40C5-B905-285E879C982C}" => Key deleted successfully.
C:\Windows\System32\Tasks\OTRIG => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OTRIG" => Key deleted successfully.
"C:\ProgramData\e1b027fcd3704bff937400ada3efac5d" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA43CD3E-94B7-49F7-AE0E-900719CADF0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA43CD3E-94B7-49F7-AE0E-900719CADF0B}" => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
"C:\Users\DWAYNE\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE" => File/Directory not found.
C:\ProgramData\TEMP => ":08993BCD" ADS removed successfully.
C:\ProgramData\TEMP => ":1EE5EBCB" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":47408F84" ADS removed successfully.
C:\ProgramData\TEMP => ":5D40B34A" ADS removed successfully.
C:\ProgramData\TEMP => ":60723CC0" ADS removed successfully.
C:\ProgramData\TEMP => ":6E897B76" ADS removed successfully.
C:\ProgramData\TEMP => ":7A632F57" ADS removed successfully.
C:\ProgramData\TEMP => ":8173A019" ADS removed successfully.
C:\ProgramData\TEMP => ":838FECBF" ADS removed successfully.
C:\ProgramData\TEMP => ":9812B773" ADS removed successfully.
C:\ProgramData\TEMP => ":9BAC8B7A" ADS removed successfully.
C:\ProgramData\TEMP => ":A18B7034" ADS removed successfully.
C:\ProgramData\TEMP => ":ACCEFF0E" ADS removed successfully.
C:\ProgramData\TEMP => ":B42826C8" ADS removed successfully.
C:\ProgramData\TEMP => ":C09E92DA" ADS removed successfully.
C:\ProgramData\TEMP => ":C48D4F24" ADS removed successfully.
C:\ProgramData\TEMP => ":E2295807" ADS removed successfully.
"C:\Users\DWAYNE\Local Settings" => ":init" ADS not found.
C:\Users\DWAYNE\Downloads\vhdattach390.exe => ":BDU" ADS removed successfully.
C:\Users\DWAYNE\AppData\Local => ":init" ADS removed successfully.
"C:\Users\DWAYNE\AppData\Local\Application Data" => ":init" ADS not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ColorMedia" => Key deleted successfully.
Restore point was successfully created.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 670.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:54:01 ====
 
 
FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by DWAYNE (administrator) on DWAYNE-PC on 26-03-2015 12:59:57
Running from C:\Users\DWAYNE\Desktop\cleaner
Loaded Profiles: DWAYNE (Available profiles: DWAYNE & BEQ)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Run: [GoogleChromeAutoLaunch_92BF795A6B17D84362A93E38C78E6BE4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48128 2015-02-24] ()
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\BEQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
SearchScopes: HKLM -> {056DE163-7825-4BC9-B9D2-52E0C9B53008} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E417590F-C8FC-4854-971A-5F83A53F3AB9} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-25] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-25] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-25] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2005116030-2370162056-1101638710-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-25] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-13] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-04-19] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-13]
FF Extension: GMarks - C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309\Extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.xpi [2015-02-14]
FF Extension: Video DownloadHelper - C:\Users\DWAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\j2ws09d9.default-1422134654309\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-06]
FF HKLM-x32\...\Firefox\Extensions: [flvto@hotger.com] - C:\Users\DWAYNE\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi
FF Extension: No Name - C:\Users\DWAYNE\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-03]
FF HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Firefox\Extensions: [flvto@hotger.com] - C:\Users\DWAYNE\AppData\Local\Flvto Plugin for Firefox\flvto_1.7.0.xpi
FF HKU\S-1-5-21-2005116030-2370162056-1101638710-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll No File
CHR Profile: C:\Users\DWAYNE\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 VhdAttach; C:\Program Files\Josip Medved\VHD Attach\VhdAttachService.exe [276936 2014-04-07] (Josip Medved)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2013-08-04] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-08-04] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-08-04] (Kaspersky Lab)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-13] ()
S3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [124176 2012-11-30] (High Criteria inc.)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [35064 2015-02-10] ()
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 11:28 - 2015-03-26 13:00 - 00000000 ____D () C:\FRST
2015-03-26 09:11 - 2015-03-26 09:11 - 00029056 _____ () C:\ComboFix.txt
2015-03-25 20:50 - 2015-03-26 12:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-25 10:44 - 2015-03-26 12:59 - 00000000 ____D () C:\Users\DWAYNE\Desktop\cleaner
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 __SHD () C:\Users\BEQ\AppData\Local\EmieUserList
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 __SHD () C:\Users\BEQ\AppData\Local\EmieSiteList
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 __SHD () C:\Users\BEQ\AppData\Local\EmieBrowserModeList
2015-03-08 21:27 - 2015-03-22 17:18 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\Shauna & Baby Amaka 3.7.2015
2015-03-06 01:43 - 2015-03-06 01:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-04 14:22 - 2015-03-09 00:22 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Jalanei
2015-02-28 05:43 - 2015-02-28 05:48 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Sharknado 2 The Second One (2014) [1080p]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 13:02 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 13:02 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 12:56 - 2011-04-07 23:02 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-26 12:56 - 2009-07-14 00:10 - 01593774 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 12:55 - 2015-02-13 20:31 - 00004135 _____ () C:\Windows\setupact.log
2015-03-26 12:55 - 2010-11-13 00:09 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-03-26 12:55 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 12:54 - 2015-02-14 10:28 - 00455518 _____ () C:\Windows\PFRO.log
2015-03-26 12:10 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 12:03 - 2009-07-14 00:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 11:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-26 09:39 - 2011-04-07 23:16 - 00000000 ____D () C:\ProgramData\Sonic
2015-03-26 09:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-26 09:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-03-26 09:18 - 2015-02-10 18:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 09:11 - 2013-11-27 17:46 - 00000000 ____D () C:\Qoobox
2015-03-26 09:06 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-25 21:00 - 2013-11-11 21:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-25 09:59 - 2010-11-13 00:09 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\Apps\2.0
2015-03-25 00:13 - 2013-12-30 23:49 - 00000000 ____D () C:\Program Files (x86)\Alien Stars
2015-03-24 10:05 - 2014-10-22 07:19 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\CrashDumps
2015-03-22 23:00 - 2013-11-12 20:56 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\uTorrent
2015-03-22 20:45 - 2014-02-02 02:21 - 00000000 ____D () C:\Users\DWAYNE\Documents\Outlook Files
2015-03-22 20:44 - 2014-02-02 02:25 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\57545CD5-18A5-4F8C-934F-9B82A1B2AE5F.aplzod
2015-03-22 17:15 - 2014-11-16 16:42 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Old Skool Family!
2015-03-22 17:10 - 2015-02-14 03:07 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\Flvto Youtube Downloader
2015-03-22 16:58 - 2010-11-13 00:04 - 00000000 ____D () C:\Users\DWAYNE
2015-03-22 15:56 - 2015-01-31 21:08 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\Herman High's Going Home Celebration 1.28.2015
2015-03-22 15:56 - 2015-01-27 01:00 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Unbroken.2014.DVDSCR.XviD.AC3-EVO
2015-03-22 15:56 - 2014-11-16 01:22 - 00000000 ____D () C:\Users\DWAYNE\Downloads\The.Last.Exorcism.Part.II.2013.UNRATED.BRRip.XviD-3LT0N
2015-03-22 15:56 - 2014-11-15 20:42 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Kill Them Softly (2012) [1080p]
2015-03-22 15:56 - 2014-01-28 12:31 - 00000000 ____D () C:\Users\BEQ
2015-03-22 15:56 - 2014-01-17 20:51 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Captain Phillips (2013) DVDRip XviD-MAXSPEED
2015-03-22 15:56 - 2013-12-19 02:08 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Elysium 2013 1080p BRRip x264 AC3-JYK
2015-03-22 15:56 - 2013-12-19 02:05 - 00000000 ____D () C:\Users\DWAYNE\Downloads\Elysium 2013 720p BRRIP  x264 AAC KiNGDOM
2015-03-22 15:56 - 2013-11-15 02:11 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Trash
2015-03-22 15:56 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-22 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-22 15:55 - 2014-01-18 17:51 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\Audacity
2015-03-22 15:55 - 2013-12-06 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-22 15:55 - 2013-11-21 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
2015-03-22 15:55 - 2013-11-20 16:38 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2015-03-22 15:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-22 15:53 - 2014-01-28 12:55 - 00000000 ____D () C:\Users\BEQ\AppData\Local\Google
2015-03-22 15:53 - 2013-11-20 15:40 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\Skype
2015-03-22 12:42 - 2014-10-14 01:12 - 00000000 ____D () C:\Users\DWAYNE\Desktop\Jessica
2015-03-21 18:09 - 2014-10-22 20:52 - 00000000 ____D () C:\Users\DWAYNE\Desktop\folder
2015-03-11 02:10 - 2014-08-17 01:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 17:09 - 2013-11-14 21:33 - 00000000 ____D () C:\Users\DWAYNE\dwhelper
2015-03-10 12:30 - 2014-08-08 17:05 - 00000000 ____D () C:\Users\DWAYNE\Desktop\E-FAM Meeting 8.1.2014
2015-03-07 20:32 - 2015-02-16 02:11 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F02EF1C-EE84-4DB7-B84B-8E51D07EB1ED}
2015-03-07 20:24 - 2015-02-10 10:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 13:52 - 2013-12-16 06:01 - 00000000 ____D () C:\Users\DWAYNE\AppData\Local\iLivid
2015-03-05 01:09 - 2014-05-01 23:29 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\JESS
2015-03-04 21:40 - 2013-11-13 06:12 - 00000000 ____D () C:\Users\DWAYNE\AppData\Roaming\vlc
2015-03-04 18:07 - 2013-12-04 01:32 - 00037344 _____ () C:\Windows\system32\lvcoinst.log
2015-03-04 17:54 - 2013-11-21 02:11 - 00001859 _____ () C:\Users\Public\Desktop\ooVoo.lnk
2015-03-04 17:53 - 2013-11-21 02:11 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2015-03-03 08:17 - 2014-08-19 13:39 - 00295552 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-26 01:27 - 2013-11-11 20:35 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\Print Screens
2015-02-24 16:37 - 2014-11-14 02:50 - 00000000 ___RD () C:\Users\DWAYNE\Desktop\DAA
2015-02-24 16:23 - 2014-08-07 13:03 - 00000000 ____D () C:\Users\DWAYNE\Desktop\New
2015-02-24 06:51 - 2014-11-17 13:16 - 00000000 ____D () C:\Users\DWAYNE\Desktop\vault
 
==================== Files in the root of some directories =======
 
2013-12-29 00:09 - 2013-12-29 00:09 - 0024222 _____ () C:\Users\DWAYNE\AppData\Roaming\UserTile.png
2013-12-19 01:56 - 2015-01-12 02:07 - 0000189 _____ () C:\Users\DWAYNE\AppData\Roaming\WB.CFG
2015-02-03 03:35 - 2015-02-03 03:35 - 0000088 _____ () C:\Users\DWAYNE\AppData\Local\35cae5923814e470c74d7ab1f2195f82
2013-12-13 21:35 - 2015-02-20 14:52 - 0014336 _____ () C:\Users\DWAYNE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 01:07 - 2015-01-10 01:07 - 0000010 _____ () C:\Users\DWAYNE\AppData\Local\DSI.DAT
2014-01-14 03:39 - 2014-01-14 03:39 - 0007597 _____ () C:\Users\DWAYNE\AppData\Local\Resmon.ResmonCfg
2014-05-13 23:42 - 2014-09-09 22:52 - 0000630 _____ () C:\ProgramData\DEFRAG_HISTORY.xml
2013-11-17 12:54 - 2013-11-17 20:25 - 0001127 _____ () C:\ProgramData\hpzinstall.log
2014-10-27 15:17 - 2014-10-27 15:18 - 0039606 _____ () C:\ProgramData\SMRResults430.dat
2014-05-15 19:29 - 2014-07-18 00:17 - 0000455 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
 
Files to move or delete:
====================
C:\ProgramData\SMRResults430.dat
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\avchv.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-16 11:06
 
==================== End Of Log ============================


#15 hunters123


Posted 26 March 2015 - 01:05 PM

Btw deeprybka, thank you VERY much for your quick responses today!!!





