Many programs running at once, execution is very slow, constant noise-overusage


  • This topic is locked
49 replies to this topic

#1 SteveSteve

SteveSteve

  • Members
  • 44 posts

Posted 29 March 2015 - 07:01 AM

A friend, much more computer fluent than myself, warned my system may be compromised (hijacked).

 

Please help





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,419 posts
  • Gender:Male
  • Location:California

Posted 29 March 2015 - 06:53 PM

Greetings SteveSteve and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 SteveSteve

SteveSteve
  • Topic Starter

  • Members
  • 44 posts

Posted 30 March 2015 - 08:10 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Nick (administrator) on NICK-PC on 30-03-2015 08:54:10
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available profiles: Nick)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-16] (AVAST Software)
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {D9EDDC64-3DC1-4E66-914E-EE02617AF176} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3565968102-2038924888-3838231409-1002 -> {1B7A6B8E-6309-4CDF-9D2A-405EC040F42F} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll [2015-02-10] (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll [2015-02-10] (Microsoft Corporation)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\almop0ek.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-06]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-06] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 272C1660; C:\Windows\System32\drivers\272C1660.sys [457824 2015-03-29] (Kaspersky Lab ZAO)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-06] ()
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [213504 2011-06-10] (Huawei Technologies Co., Ltd.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
R0 SMR311; C:\Windows\System32\drivers\SMR311.SYS [95392 2013-02-18] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-11] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 pcouffin; System32\Drivers\pcouffin.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 08:54 - 2015-03-30 08:54 - 00008125 _____ () C:\Users\Nick\Desktop\FRST.txt
2015-03-30 08:53 - 2015-03-30 08:54 - 00000000 ____D () C:\FRST
2015-03-30 08:52 - 2015-03-30 08:53 - 02095616 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2015-03-29 08:53 - 2015-03-29 08:54 - 00000000 ____D () C:\SMCLpav
2015-03-29 08:11 - 2015-03-29 08:11 - 00457824 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\272C1660.sys
2015-03-29 08:11 - 2015-03-29 08:11 - 00000000 ____D () C:\KVRT_Data
2015-03-29 08:09 - 2015-03-29 08:11 - 127399608 _____ (Kaspersky Lab ZAO) C:\Users\Nick\Desktop\KVRT.exe
2015-03-29 08:09 - 2015-03-29 08:09 - 00801384 _____ () C:\Users\Nick\Desktop\generic_uninstaller.exe
2015-03-29 08:09 - 2015-03-29 08:09 - 00650928 _____ () C:\Users\Nick\Desktop\Cloud_AV_Uninstaller.exe
2015-03-29 08:08 - 2015-03-29 08:09 - 05581328 _____ (Avast Software s.r.o.) C:\Users\Nick\Desktop\aswclear.exe
2015-03-29 08:08 - 2015-03-29 08:08 - 03480040 _____ (McAfee, Inc.) C:\Users\Nick\Desktop\MCPR.exe
2015-03-29 08:08 - 2015-03-29 08:08 - 00628584 _____ (Emsisoft GmbH) C:\Users\Nick\Desktop\emsiclean.exe
2015-03-29 08:08 - 2015-03-29 08:08 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Nick\Desktop\mbam-clean-1.60.2.0003.exe
2015-03-29 08:07 - 2015-03-29 08:07 - 00675528 _____ (ESET) C:\Users\Nick\Desktop\ESETUninstaller.exe
2015-03-29 08:05 - 2015-03-29 08:05 - 00000000 _____ () C:\ESETUninstaller.exe
2015-03-29 08:03 - 2015-03-29 08:03 - 00471040 _____ (None) C:\Users\Nick\Desktop\Antivirus Remover.exe
2015-03-24 19:16 - 2015-03-24 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-24 18:59 - 2015-03-24 18:59 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-11 20:26 - 2015-03-11 20:50 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-11 20:26 - 2015-03-11 20:33 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-11 20:26 - 2015-03-11 20:26 - 15625816 _____ () C:\Users\Nick\Desktop\RogueKiller.exe
2015-03-11 20:21 - 2015-03-11 20:21 - 00003256 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-3565968102-2038924888-3838231409-1002
2015-03-11 20:17 - 2015-03-11 20:17 - 00007605 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
2015-03-10 18:54 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-10 18:54 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-10 18:54 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-10 18:54 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-10 18:54 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-10 18:54 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-10 18:54 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-10 18:54 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-10 18:54 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-10 18:54 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-10 18:54 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-10 18:54 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-10 18:54 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-10 18:54 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-10 18:54 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-10 18:54 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-10 18:54 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-10 18:54 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-10 18:54 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-10 18:54 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-10 18:54 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-10 18:54 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-10 18:54 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-10 18:54 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-10 18:54 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-10 18:54 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-10 18:54 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-10 18:54 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-10 18:54 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-10 18:54 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-10 18:54 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-10 18:54 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-10 18:54 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-10 18:54 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-10 18:54 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-10 18:54 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-10 18:54 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-10 18:54 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-10 18:54 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-10 18:54 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-10 18:54 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-10 18:54 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-10 18:54 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-10 18:54 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 18:54 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-10 18:54 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-10 18:54 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-10 18:54 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-10 18:53 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-10 18:53 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-10 18:53 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-10 18:53 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-10 18:53 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-10 18:53 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-10 18:53 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-10 18:53 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-10 18:53 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-10 18:53 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-10 18:53 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-10 18:53 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-10 18:53 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-10 18:53 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-10 18:53 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-10 18:53 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-10 18:53 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-10 18:53 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-10 18:53 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-10 18:53 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-10 18:53 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-10 18:53 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-10 18:53 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-10 18:53 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-10 18:53 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-10 18:53 - 2015-02-10 12:44 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-10 18:53 - 2015-02-10 12:43 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-10 18:53 - 2015-02-10 12:43 - 00610816 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-10 18:53 - 2015-02-10 12:43 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 12297728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 09059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 02468864 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 00495616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-03-10 18:53 - 2015-02-10 12:42 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-10 18:53 - 2015-02-10 12:41 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-10 18:53 - 2015-02-10 12:41 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-03-10 18:53 - 2015-02-10 12:41 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-03-10 18:53 - 2015-02-10 12:40 - 01538048 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-10 18:53 - 2015-02-10 12:21 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-10 18:53 - 2015-02-10 12:21 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-10 18:53 - 2015-02-10 12:21 - 00428544 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-10 18:53 - 2015-02-10 12:21 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 11026432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 06030336 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 02087424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 00345600 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-03-10 18:53 - 2015-02-10 12:20 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-10 18:53 - 2015-02-10 12:19 - 01466368 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-10 18:53 - 2015-02-10 12:19 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-10 18:53 - 2015-02-10 12:19 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-03-10 18:53 - 2015-02-10 12:19 - 00016384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-03-10 18:53 - 2015-02-10 11:21 - 00482816 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-03-10 18:53 - 2015-02-10 10:59 - 00386048 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-03-10 18:53 - 2015-02-10 09:50 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-10 18:53 - 2015-02-10 09:21 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-10 18:53 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-10 18:53 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-10 18:53 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-10 18:53 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-10 18:53 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-10 18:53 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-10 18:53 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-10 18:53 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-10 18:53 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-05 07:38 - 2015-03-05 07:38 - 00000000 ____D () C:\SUPERDelete
2015-03-05 03:57 - 2015-03-05 03:57 - 00000000 ____D () C:\Users\Nick\AppData\Local\Hardcoded Software
2015-03-05 03:57 - 2015-03-05 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dupeGuru
2015-03-05 03:57 - 2015-03-05 03:57 - 00000000 ____D () C:\Program Files\Hardcoded Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 08:52 - 2014-11-16 22:29 - 01307606 _____ () C:\windows\WindowsUpdate.log
2015-03-30 08:51 - 2014-02-03 22:38 - 00015024 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 08:51 - 2014-02-03 22:38 - 00015024 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 08:46 - 2015-01-06 19:27 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-03-30 08:45 - 2015-01-15 10:26 - 00009576 _____ () C:\windows\setupact.log
2015-03-30 08:45 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-29 08:54 - 2015-01-15 12:22 - 00038756 _____ () C:\windows\PFRO.log
2015-03-29 08:54 - 2009-07-13 23:20 - 00000000 __RSD () C:\windows\Media
2015-03-28 22:54 - 2009-07-14 01:13 - 00006534 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-26 21:42 - 2014-12-28 19:17 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-24 19:01 - 2014-12-22 02:55 - 00000000 ____D () C:\Users\Nick\AppData\Local\Adobe
2015-03-24 18:59 - 2014-12-28 19:17 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-24 18:59 - 2014-12-28 19:17 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-24 18:59 - 2014-12-28 19:17 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-03-11 20:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2015-03-11 12:37 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-11 12:36 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-11 12:33 - 2009-07-14 00:45 - 00427112 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-11 12:31 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-11 12:31 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-09 11:02 - 2011-10-08 10:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-03-05 09:57 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-05 09:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-05 09:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-03-05 09:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Setup
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\InstallShield
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\icsxml
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\com
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Setup
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\oobe
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\migwiz
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\icsxml
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\com
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\servicing
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Cursors
2015-03-05 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-05 09:56 - 2014-05-06 11:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-05 09:56 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\WinBioPlugIns
2015-03-05 09:56 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-05 09:56 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-05 09:56 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-05 09:56 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-05 09:56 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-05 09:56 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\zh-HK
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\uk-UA
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\tr-TR
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\th-TH
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\sr-Latn-CS
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\sppui
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\sl-SI
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\sk-SK
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\ro-RO
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\ras
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\oobe
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\manifeststore
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\lv-LV
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\lt-LT
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\hr-HR
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\he-IL
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\et-EE
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\bg-BG
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\ar-SA
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\AdvancedInstallers
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\zh-HK
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\uk-UA
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\tr-TR
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\th-TH
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\sysprep
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\sr-Latn-CS
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\sppui
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\sl-SI
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\sk-SK
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\ro-RO
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\ras
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\manifeststore
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\lv-LV
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\lt-LT
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\hr-HR
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\he-IL
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\et-EE
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\bg-BG
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\ar-SA
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\L2Schemas
2015-03-05 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\IME
2015-03-05 09:54 - 2012-03-10 11:19 - 00000000 ____D () C:\windows\system32\SPReview
2015-03-05 09:54 - 2009-12-16 07:13 - 00000000 ____D () C:\windows\SysWOW64\Microsoft.VC80.MFC
2015-03-05 09:54 - 2009-12-16 07:13 - 00000000 ____D () C:\windows\system32\Microsoft.VC80.MFC
2015-03-05 09:54 - 2009-12-16 07:10 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2015-03-05 09:54 - 2009-12-16 07:07 - 00000000 ____D () C:\windows\SysWOW64\x64
2015-03-05 09:54 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\SysWOW64\winrm
2015-03-05 09:54 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\SysWOW64\WCN
2015-03-05 09:54 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2015-03-05 09:54 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\system32\winrm
2015-03-05 09:54 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\system32\WCN
2015-03-05 09:54 - 2009-07-14 01:37 - 00000000 ____D () C:\windows\system32\slmgr
2015-03-05 09:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Speech
2015-03-05 09:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\MUI
2015-03-05 09:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Msdtc
2015-03-05 09:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\IME
2015-03-05 09:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Speech
2015-03-05 09:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\MUI
2015-03-05 09:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Msdtc
2015-03-05 09:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\IME
2015-03-05 09:53 - 2012-04-12 15:01 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2015-03-05 09:53 - 2009-12-16 07:13 - 00000000 ____D () C:\ProgramData\Vista32
2015-03-05 09:53 - 2009-12-16 07:12 - 00000000 ____D () C:\Program Files\Synaptics
2015-03-05 09:53 - 2009-12-16 07:10 - 00000000 ____D () C:\Program Files\Realtek
2015-03-05 09:53 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Branding
2015-03-05 09:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-03-05 09:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-05 09:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-03-05 09:51 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2015-03-05 09:37 - 2014-12-20 02:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-05 09:37 - 2012-03-10 16:39 - 00000000 ___RD () C:\Users\Nick\Desktop\Desktop items
2015-03-05 07:08 - 2015-01-18 21:12 - 00000488 _____ () C:\DelFix.txt
2015-03-05 07:00 - 2010-02-20 01:19 - 00000000 ____D () C:\Users\Nick
2015-03-05 04:33 - 2015-01-07 22:15 - 00000000 ____D () C:\Users\Nick\Desktop\605
2015-03-05 04:33 - 2015-01-06 22:28 - 00000000 ____D () C:\Users\Nick\Desktop\645
2015-03-05 04:33 - 2015-01-06 22:23 - 00000000 ____D () C:\Users\Nick\Desktop\686
2015-03-05 04:33 - 2013-08-26 03:33 - 00000000 ____D () C:\ProgramData\MSScanAppDataDir

==================== Files in the root of some directories =======

2010-02-23 21:55 - 2012-09-03 22:23 - 0007859 _____ () C:\Users\Nick\AppData\Roaming\pcouffin.cat
2010-02-23 21:55 - 2012-09-03 22:23 - 0001167 _____ () C:\Users\Nick\AppData\Roaming\pcouffin.inf
2010-02-23 21:55 - 2012-09-03 22:23 - 0082816 _____ (VSO Software) C:\Users\Nick\AppData\Roaming\pcouffin.sys
2015-03-11 20:17 - 2015-03-11 20:17 - 0007605 _____ () C:\Users\Nick\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-19 11:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Nick at 2015-03-30 08:55:21
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\...\Adobe Connect 9 Add-in) (Version: 11,9,970,233 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - )
Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-25 14:12 - 2015-03-11 20:56 - 00000768 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19A78360-85CB-49C0-9A3A-5AD6601DEC25} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
Task: {1DE597F3-7EE8-4894-B5CD-B5CB9C606854} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-24] (Adobe Systems Incorporated)
Task: {33E405E8-58E1-41B5-BA2E-DB6F3ACF8FF5} - System32\Tasks\{73FD62AC-FA56-4176-9945-71D823AB7CC6} => C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe [2009-07-13] ()
Task: {3BC4E27A-9773-4E50-BC07-60E88E31217F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-06] (AVAST Software)
Task: {473F526D-40E3-42F8-B156-4A1FD94C1539} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {A4E2BE2C-6935-44B0-8215-B3930664E81E} - System32\Tasks\{AABF2061-78DE-4F66-BB20-97DE72387ED7} => pcalua.exe -a C:\Users\Nick\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {A924ABAA-77B5-46CB-9FE2-6AAAA17DEC2C} - System32\Tasks\{8F648FA5-EE68-40B8-86AD-8D9790868301} => C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe [2009-07-13] ()
Task: {AC6B326D-35B2-4686-9D7D-552BFFD3BC1E} - System32\Tasks\avastBCLRestartS-1-5-21-3565968102-2038924888-3838231409-1002 => Firefox.exe
Task: {CA005D4E-CE69-43F1-91A4-00D72D28BD0A} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D3C577B4-8D43-450C-96F9-D0D41EF082F3} - System32\Tasks\{79D3EAD8-CBEA-425F-A3FC-1E7188CEAC4C} => C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe [2009-07-13] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-29 07:54 - 2015-03-29 07:54 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15032900\algo.dll
2015-03-30 08:46 - 2015-03-30 08:46 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15033000\algo.dll
2015-03-16 11:38 - 2015-03-16 11:38 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\272C1660.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81862546.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93203563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\272C1660.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81862546.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93203563.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Gadget Service => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\startupfolder: C:^Users^Nick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TosNC => %PROGRAMFILES%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

==================== Accounts: =============================

Administrator (S-1-5-21-3565968102-2038924888-3838231409-500 - Administrator - Disabled)
Guest (S-1-5-21-3565968102-2038924888-3838231409-501 - Limited - Disabled)
Nick (S-1-5-21-3565968102-2038924888-3838231409-1002 - Administrator - Enabled) => C:\Users\Nick

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 08:55:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Initialize For Backup

Error: (03/30/2015 08:55:22 AM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {f5078f32-c551-11d3-89b9-0000f81fe221} and Name MSXML30 is [0x80040154, Class not registered
].


Operation:
   Initialize For Backup


System errors:
=============
Error: (03/30/2015 08:45:44 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/30/2015 08:45:38 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/30/2015 08:45:38 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/29/2015 08:54:46 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/29/2015 08:54:37 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/29/2015 08:54:37 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/29/2015 08:53:50 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Panda Security Generic Uninstaller service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/29/2015 08:50:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2015 08:50:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2015 08:50:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/30/2015 08:55:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
   Initialize For Backup

Error: (03/30/2015 08:55:22 AM) (Source: VSS) (EventID: 22) (User: )
Description: {f5078f32-c551-11d3-89b9-0000f81fe221}MSXML300x80040154, Class not registered


Operation:
   Initialize For Backup


CodeIntegrity Errors:
===================================
  Date: 2015-01-15 13:08:08.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-15 13:08:08.039
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-05 06:19:19.436
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-05 06:19:18.921
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 2936.89 MB
Available physical RAM: 1674.89 MB
Total Pagefile: 5871.96 MB
Available Pagefile: 4286.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI105756W0B) (Fixed) (Total:222.43 GB) (Free:178.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CE865B76)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================


#4 Oh My!


Posted 30 March 2015 - 09:23 AM

Thank you for the information. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 pcouffin; System32\Drivers\pcouffin.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • TDSSKiller log
  • aswMBR log
  • FSS report
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 SteveSteve


Posted 30 March 2015 - 03:24 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Nick at 2015-03-30 15:49:01 Run:1
Running from C:\Users\Nick\Desktop
Loaded Profiles: Nick (Available profiles: Nick)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 pcouffin; System32\Drivers\pcouffin.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3565968102-2038924888-3838231409-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
catchme => Service deleted successfully.
cleanhlp => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
pcouffin => Service deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.

==== End of Fixlog 15:49:01 ====

15:52:33.0357 0x0188  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
15:52:39.0909 0x0188  ============================================================
15:52:39.0909 0x0188  Current date / time: 2015/03/30 15:52:39.0909
15:52:39.0909 0x0188  SystemInfo:
15:52:39.0909 0x0188  
15:52:39.0909 0x0188  OS Version: 6.1.7601 ServicePack: 1.0
15:52:39.0909 0x0188  Product type: Workstation
15:52:39.0909 0x0188  ComputerName: NICK-PC
15:52:39.0909 0x0188  UserName: Nick
15:52:39.0909 0x0188  Windows directory: C:\windows
15:52:39.0909 0x0188  System windows directory: C:\windows
15:52:39.0909 0x0188  Running under WOW64
15:52:39.0909 0x0188  Processor architecture: Intel x64
15:52:39.0909 0x0188  Number of processors: 1
15:52:39.0909 0x0188  Page size: 0x1000
15:52:39.0909 0x0188  Boot type: Normal boot
15:52:39.0909 0x0188  ============================================================
15:52:40.0081 0x0188  KLMD registered as C:\windows\system32\drivers\40887059.sys
15:52:40.0486 0x0188  System UUID: {FF5CE480-C9F9-52A9-50E0-03367FB55580}
15:52:41.0188 0x0188  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:52:41.0188 0x0188  ============================================================
15:52:41.0188 0x0188  \Device\Harddisk0\DR0:
15:52:41.0188 0x0188  MBR partitions:
15:52:41.0188 0x0188  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCDE800
15:52:41.0188 0x0188  ============================================================
15:52:41.0219 0x0188  C: <-> \Device\Harddisk0\DR0\Partition1
15:52:41.0219 0x0188  ============================================================
15:52:41.0219 0x0188  Initialize success
15:52:41.0219 0x0188  ============================================================
15:52:59.0456 0x080c  ============================================================
15:52:59.0456 0x080c  Scan started
15:52:59.0456 0x080c  Mode: Manual;
15:52:59.0456 0x080c  ============================================================
15:52:59.0456 0x080c  KSN ping started
15:53:04.0588 0x080c  KSN ping finished: true
15:53:05.0072 0x080c  ================ Scan system memory ========================
15:53:05.0072 0x080c  System memory - ok
15:53:05.0072 0x080c  ================ Scan services =============================
15:53:09.0393 0x080c  cmdide - ok
15:53:09.0440 0x080c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\windows\system32\Drivers\cng.sys
15:53:09.0455 0x080c  CNG - ok
15:53:09.0487 0x080c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
15:53:09.0487 0x080c  Compbatt - ok
15:53:09.0502 0x080c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
15:53:09.0518 0x080c  CompositeBus - ok
15:53:09.0533 0x080c  COMSysApp - ok
15:53:09.0549 0x080c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
15:53:09.0549 0x080c  crcdisk - ok
15:53:09.0611 0x080c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\windows\system32\cryptsvc.dll
15:53:09.0611 0x080c  CryptSvc - ok
15:53:09.0705 0x080c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
15:53:09.0721 0x080c  DcomLaunch - ok
15:53:09.0767 0x080c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
15:53:09.0783 0x080c  defragsvc - ok
15:53:09.0814 0x080c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
15:53:09.0814 0x080c  DfsC - ok
15:53:09.0861 0x080c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
15:53:09.0877 0x080c  Dhcp - ok
15:53:09.0892 0x080c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
15:53:09.0908 0x080c  discache - ok
15:53:09.0939 0x080c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\DRIVERS\disk.sys
15:53:09.0955 0x080c  Disk - ok
15:53:10.0001 0x080c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
15:53:10.0017 0x080c  Dnscache - ok
15:53:10.0064 0x080c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
15:53:10.0064 0x080c  dot3svc - ok
15:53:10.0111 0x080c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
15:53:10.0111 0x080c  DPS - ok
15:53:10.0142 0x080c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
15:53:10.0157 0x080c  drmkaud - ok
15:53:10.0204 0x080c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
15:53:10.0235 0x080c  DXGKrnl - ok
15:53:10.0282 0x080c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
15:53:10.0282 0x080c  EapHost - ok
15:53:10.0438 0x080c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
15:53:10.0547 0x080c  ebdrv - ok
15:53:10.0594 0x080c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS             C:\windows\System32\lsass.exe
15:53:10.0594 0x080c  EFS - ok
15:53:10.0688 0x080c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
15:53:10.0703 0x080c  ehRecvr - ok
15:53:10.0735 0x080c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
15:53:10.0735 0x080c  ehSched - ok
15:53:10.0797 0x080c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
15:53:10.0797 0x080c  elxstor - ok
15:53:10.0844 0x080c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
15:53:10.0844 0x080c  ErrDev - ok
15:53:10.0906 0x080c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
15:53:10.0922 0x080c  EventSystem - ok
15:53:10.0953 0x080c  [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev     C:\windows\system32\DRIVERS\ew_hwusbdev.sys
15:53:10.0969 0x080c  ew_hwusbdev - ok
15:53:11.0015 0x080c  [ 55E0EDA185869F7EA67EA97FD0655B39, D4A51E383102AA48F022EFCA08FAC389336A22C1DF60E17815117EFA60716964 ] ew_usbenumfilter C:\windows\system32\DRIVERS\ew_usbenumfilter.sys
15:53:11.0015 0x080c  ew_usbenumfilter - ok
15:53:11.0062 0x080c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
15:53:11.0078 0x080c  exfat - ok
15:53:11.0109 0x080c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
15:53:11.0125 0x080c  fastfat - ok
15:53:11.0203 0x080c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
15:53:11.0218 0x080c  Fax - ok
15:53:11.0249 0x080c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\DRIVERS\fdc.sys
15:53:11.0249 0x080c  fdc - ok
15:53:11.0281 0x080c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
15:53:11.0296 0x080c  fdPHost - ok
15:53:11.0312 0x080c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
15:53:11.0312 0x080c  FDResPub - ok
15:53:11.0359 0x080c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
15:53:11.0359 0x080c  FileInfo - ok
15:53:11.0390 0x080c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
15:53:11.0390 0x080c  Filetrace - ok
15:53:11.0421 0x080c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
15:53:11.0421 0x080c  flpydisk - ok
15:53:11.0483 0x080c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
15:53:11.0499 0x080c  FltMgr - ok
15:53:11.0577 0x080c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
15:53:11.0608 0x080c  FontCache - ok
15:53:11.0671 0x080c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:53:11.0671 0x080c  FontCache3.0.0.0 - ok
15:53:11.0702 0x080c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
15:53:11.0702 0x080c  FsDepends - ok
15:53:11.0733 0x080c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
15:53:11.0733 0x080c  Fs_Rec - ok
15:53:11.0764 0x080c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
15:53:11.0764 0x080c  fvevol - ok
15:53:11.0811 0x080c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
15:53:11.0811 0x080c  gagp30kx - ok
15:53:11.0873 0x080c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
15:53:11.0889 0x080c  gpsvc - ok
15:53:11.0936 0x080c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
15:53:11.0936 0x080c  hcw85cir - ok
15:53:11.0983 0x080c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:53:11.0983 0x080c  HdAudAddService - ok
15:53:12.0029 0x080c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
15:53:12.0029 0x080c  HDAudBus - ok
15:53:12.0061 0x080c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
15:53:12.0061 0x080c  HidBatt - ok
15:53:12.0107 0x080c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
15:53:12.0107 0x080c  HidBth - ok
15:53:12.0139 0x080c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
15:53:12.0139 0x080c  HidIr - ok
15:53:12.0185 0x080c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
15:53:12.0185 0x080c  hidserv - ok
15:53:12.0248 0x080c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
15:53:12.0248 0x080c  HidUsb - ok
15:53:12.0279 0x080c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
15:53:12.0279 0x080c  hkmsvc - ok
15:53:12.0310 0x080c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:53:12.0326 0x080c  HomeGroupListener - ok
15:53:12.0373 0x080c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:53:12.0373 0x080c  HomeGroupProvider - ok
15:53:12.0419 0x080c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
15:53:12.0419 0x080c  HpSAMD - ok
15:53:12.0466 0x080c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
15:53:12.0482 0x080c  HTTP - ok
15:53:12.0529 0x080c  [ 30516686A4ACA616AE8728BC0CB65E51, 777487702EB5668591F27EA78CDA8F493AB04F414C72198DB809EB912306CA60 ] huawei_cdcacm   C:\windows\system32\DRIVERS\ew_jucdcacm.sys
15:53:12.0529 0x080c  huawei_cdcacm - ok
15:53:12.0575 0x080c  [ E1EE74AC69C88C8379898D97E34A8852, 7F9B6CF36FDC2DE3869BDE8F2303E1ADC93F414C1D0375DFF0FC6E4A0D342510 ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys
15:53:12.0575 0x080c  huawei_enumerator - ok
15:53:12.0622 0x080c  [ D13B215259D8362DC1C6F8F645DF7BA9, 6235989F62C2D72072CFB0B34A6F96BC164DA6B898C4D9C8954530C195FCEB53 ] huawei_ext_ctrl C:\windows\system32\DRIVERS\ew_juextctrl.sys
15:53:12.0622 0x080c  huawei_ext_ctrl - ok
15:53:12.0669 0x080c  [ 6AF9654CEDC83CB533771C9FFC6B27B0, 8BBCD99E9C7E5734D6BD111EA2E759FFF788546B3EE5270127472603FA0E6ADE ] huawei_wwanecm  C:\windows\system32\DRIVERS\ew_juwwanecm.sys
15:53:12.0685 0x080c  huawei_wwanecm - ok
15:53:12.0716 0x080c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
15:53:12.0716 0x080c  hwpolicy - ok
15:53:12.0747 0x080c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
15:53:12.0747 0x080c  i8042prt - ok
15:53:12.0825 0x080c  [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
15:53:12.0825 0x080c  iaStor - ok
15:53:12.0872 0x080c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
15:53:12.0887 0x080c  iaStorV - ok
15:53:12.0950 0x080c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:53:12.0981 0x080c  idsvc - ok
15:53:13.0262 0x080c  [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF, 1543345ED76F0FEF907A32E0838F8B01F0FB361565B13ADD34F552FF48D38DD6 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
15:53:13.0511 0x080c  igfx - ok
15:53:13.0636 0x080c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
15:53:13.0636 0x080c  iirsp - ok
15:53:13.0699 0x080c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
15:53:13.0730 0x080c  IKEEXT - ok
15:53:13.0839 0x080c  [ 0C3CF4B3BAE28E121A1689E3538F8712, 1599785D54E8306872A1DDD8546D316C9B193A85C5AEB37CF956B8C4077B8792 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
15:53:13.0886 0x080c  IntcAzAudAddService - ok
15:53:13.0933 0x080c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
15:53:13.0933 0x080c  intelide - ok
15:53:13.0964 0x080c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
15:53:13.0964 0x080c  intelppm - ok
15:53:14.0011 0x080c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
15:53:14.0011 0x080c  IPBusEnum - ok
15:53:14.0042 0x080c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
15:53:14.0042 0x080c  IpFilterDriver - ok
15:53:14.0104 0x080c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
15:53:14.0120 0x080c  iphlpsvc - ok
15:53:14.0151 0x080c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
15:53:14.0151 0x080c  IPMIDRV - ok
15:53:14.0182 0x080c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
15:53:14.0198 0x080c  IPNAT - ok
15:53:14.0229 0x080c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
15:53:14.0229 0x080c  IRENUM - ok
15:53:14.0245 0x080c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
15:53:14.0245 0x080c  isapnp - ok
15:53:14.0291 0x080c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
15:53:14.0307 0x080c  iScsiPrt - ok
15:53:14.0354 0x080c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
15:53:14.0354 0x080c  kbdclass - ok
15:53:14.0401 0x080c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
15:53:14.0401 0x080c  kbdhid - ok
15:53:14.0432 0x080c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso          C:\windows\system32\lsass.exe
15:53:14.0432 0x080c  KeyIso - ok
15:53:14.0463 0x080c  [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
15:53:14.0479 0x080c  KSecDD - ok
15:53:14.0494 0x080c  [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
15:53:14.0494 0x080c  KSecPkg - ok
15:53:14.0541 0x080c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
15:53:14.0541 0x080c  ksthunk - ok
15:53:14.0588 0x080c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
15:53:14.0603 0x080c  KtmRm - ok
15:53:14.0650 0x080c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
15:53:14.0666 0x080c  LanmanServer - ok
15:53:14.0713 0x080c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:53:14.0713 0x080c  LanmanWorkstation - ok
15:53:14.0759 0x080c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
15:53:14.0759 0x080c  lltdio - ok
15:53:14.0806 0x080c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
15:53:14.0822 0x080c  lltdsvc - ok
15:53:14.0853 0x080c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
15:53:14.0853 0x080c  lmhosts - ok
15:53:14.0915 0x080c  [ 41E122F6D1448C94CC05196BC41D6BFB, DC027B897A14359669C6C93CCC7FCEEA2FDCEE281489589DDAEE008FAD0B15E2 ] LPCFilter       C:\windows\system32\DRIVERS\LPCFilter.sys
15:53:14.0915 0x080c  LPCFilter - ok
15:53:14.0962 0x080c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
15:53:14.0962 0x080c  LSI_FC - ok
15:53:14.0993 0x080c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
15:53:14.0993 0x080c  LSI_SAS - ok
15:53:15.0040 0x080c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
15:53:15.0040 0x080c  LSI_SAS2 - ok
15:53:15.0087 0x080c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
15:53:15.0087 0x080c  LSI_SCSI - ok
15:53:15.0134 0x080c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
15:53:15.0149 0x080c  luafv - ok
15:53:15.0212 0x080c  [ A401CFF74982D8DF851F20307C806073, 1D7BA90C9E77FAAE59F60AB5310EC41D9C5B98F1F9A89A3CDB9169E6DEF565DA ] LVRS64          C:\windows\system32\DRIVERS\lvrs64.sys
15:53:15.0227 0x080c  LVRS64 - ok
15:53:15.0430 0x080c  [ 13384CB5F5813E65F31078D6ABFAAF38, A6E7374C15CAECC273197BF62F8F926BA30E9509270A8470756F4710E1DEA126 ] LVUVC64         C:\windows\system32\DRIVERS\lvuvc64.sys
15:53:15.0586 0x080c  LVUVC64 - ok
15:53:15.0633 0x080c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
15:53:15.0649 0x080c  Mcx2Svc - ok
15:53:15.0680 0x080c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
15:53:15.0680 0x080c  megasas - ok
15:53:15.0711 0x080c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
15:53:15.0711 0x080c  MegaSR - ok
15:53:15.0758 0x080c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
15:53:15.0773 0x080c  MMCSS - ok
15:53:15.0789 0x080c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
15:53:15.0789 0x080c  Modem - ok
15:53:15.0851 0x080c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
15:53:15.0851 0x080c  monitor - ok
15:53:15.0898 0x080c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\drivers\mouclass.sys
15:53:15.0898 0x080c  mouclass - ok
15:53:15.0914 0x080c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
15:53:15.0914 0x080c  mouhid - ok
15:53:15.0945 0x080c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
15:53:15.0961 0x080c  mountmgr - ok
15:53:15.0992 0x080c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
15:53:16.0007 0x080c  mpio - ok
15:53:16.0039 0x080c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
15:53:16.0039 0x080c  mpsdrv - ok
15:53:16.0101 0x080c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
15:53:16.0132 0x080c  MpsSvc - ok
15:53:16.0163 0x080c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
15:53:16.0163 0x080c  MRxDAV - ok
15:53:16.0195 0x080c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
15:53:16.0195 0x080c  mrxsmb - ok
15:53:16.0226 0x080c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
15:53:16.0241 0x080c  mrxsmb10 - ok
15:53:16.0273 0x080c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
15:53:16.0288 0x080c  mrxsmb20 - ok
15:53:16.0304 0x080c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
15:53:16.0304 0x080c  msahci - ok
15:53:16.0335 0x080c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
15:53:16.0351 0x080c  msdsm - ok
15:53:16.0382 0x080c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
15:53:16.0397 0x080c  MSDTC - ok
15:53:16.0444 0x080c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
15:53:16.0444 0x080c  Msfs - ok
15:53:16.0475 0x080c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
15:53:16.0475 0x080c  mshidkmdf - ok
15:53:16.0507 0x080c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
15:53:16.0507 0x080c  msisadrv - ok
15:53:16.0553 0x080c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
15:53:16.0553 0x080c  MSiSCSI - ok
15:53:16.0569 0x080c  msiserver - ok
15:53:16.0600 0x080c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
15:53:16.0600 0x080c  MSKSSRV - ok
15:53:16.0631 0x080c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
15:53:16.0631 0x080c  MSPCLOCK - ok
15:53:16.0647 0x080c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
15:53:16.0647 0x080c  MSPQM - ok
15:53:16.0678 0x080c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
15:53:16.0694 0x080c  MsRPC - ok
15:53:16.0725 0x080c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
15:53:16.0741 0x080c  mssmbios - ok
15:53:16.0787 0x080c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
15:53:16.0787 0x080c  MSTEE - ok
15:53:16.0803 0x080c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
15:53:16.0803 0x080c  MTConfig - ok
15:53:25.0523 0x080c  vdrvroot - ok
15:53:25.0586 0x080c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
15:53:25.0601 0x080c  vds - ok
15:53:25.0648 0x080c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
15:53:25.0664 0x080c  vga - ok
15:53:25.0679 0x080c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
15:53:25.0679 0x080c  VgaSave - ok
15:53:25.0711 0x080c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
15:53:25.0726 0x080c  vhdmp - ok
15:53:25.0742 0x080c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
15:53:25.0742 0x080c  viaide - ok
15:53:25.0773 0x080c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
15:53:25.0773 0x080c  volmgr - ok
15:53:25.0820 0x080c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
15:53:25.0820 0x080c  volmgrx - ok
15:53:25.0851 0x080c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
15:53:25.0867 0x080c  volsnap - ok
15:53:25.0898 0x080c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
15:53:25.0913 0x080c  vsmraid - ok
15:53:25.0991 0x080c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
15:53:26.0038 0x080c  VSS - ok
15:53:26.0069 0x080c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\System32\drivers\vwifibus.sys
15:53:26.0085 0x080c  vwifibus - ok
15:53:26.0116 0x080c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
15:53:26.0116 0x080c  vwififlt - ok
15:53:26.0147 0x080c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
15:53:26.0147 0x080c  vwifimp - ok
15:53:26.0194 0x080c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
15:53:26.0210 0x080c  W32Time - ok
15:53:26.0257 0x080c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
15:53:26.0257 0x080c  WacomPen - ok
15:53:26.0288 0x080c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
15:53:26.0303 0x080c  WANARP - ok
15:53:26.0303 0x080c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
15:53:26.0303 0x080c  Wanarpv6 - ok
15:53:26.0397 0x080c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
15:53:26.0444 0x080c  WatAdminSvc - ok
15:53:26.0522 0x080c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
15:53:26.0569 0x080c  wbengine - ok
15:53:26.0615 0x080c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
15:53:26.0615 0x080c  WbioSrvc - ok
15:53:26.0693 0x080c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
15:53:26.0693 0x080c  wcncsvc - ok
15:53:26.0725 0x080c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:53:26.0725 0x080c  WcsPlugInService - ok
15:53:26.0756 0x080c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\DRIVERS\wd.sys
15:53:26.0756 0x080c  Wd - ok
15:53:26.0834 0x080c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
15:53:26.0849 0x080c  Wdf01000 - ok
15:53:26.0896 0x080c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
15:53:26.0896 0x080c  WdiServiceHost - ok
15:53:26.0912 0x080c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
15:53:26.0912 0x080c  WdiSystemHost - ok
15:53:26.0974 0x080c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
15:53:26.0974 0x080c  WebClient - ok
15:53:27.0005 0x080c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
15:53:27.0021 0x080c  Wecsvc - ok
15:53:27.0052 0x080c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
15:53:27.0068 0x080c  wercplsupport - ok
15:53:27.0099 0x080c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
15:53:27.0099 0x080c  WerSvc - ok
15:53:27.0146 0x080c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
15:53:27.0146 0x080c  WfpLwf - ok
15:53:27.0177 0x080c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
15:53:27.0177 0x080c  WIMMount - ok
15:53:27.0224 0x080c  WinDefend - ok
15:53:27.0255 0x080c  WinHttpAutoProxySvc - ok
15:53:27.0333 0x080c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
15:53:27.0333 0x080c  Winmgmt - ok
15:53:27.0458 0x080c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
15:53:27.0505 0x080c  WinRM - ok
15:53:27.0583 0x080c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
15:53:27.0583 0x080c  WinUsb - ok
15:53:27.0661 0x080c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
15:53:27.0676 0x080c  Wlansvc - ok
15:53:27.0723 0x080c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
15:53:27.0723 0x080c  WmiAcpi - ok
15:53:27.0770 0x080c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
15:53:27.0785 0x080c  wmiApSrv - ok
15:53:27.0832 0x080c  WMPNetworkSvc - ok
15:53:27.0879 0x080c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
15:53:27.0879 0x080c  WPCSvc - ok
15:53:27.0910 0x080c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
15:53:27.0910 0x080c  WPDBusEnum - ok
15:53:27.0941 0x080c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
15:53:27.0941 0x080c  ws2ifsl - ok
15:53:27.0973 0x080c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
15:53:27.0988 0x080c  wscsvc - ok
15:53:27.0988 0x080c  WSearch - ok
15:53:28.0113 0x080c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\windows\system32\wuaueng.dll
15:53:28.0207 0x080c  wuauserv - ok
15:53:28.0253 0x080c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
15:53:28.0253 0x080c  WudfPf - ok
15:53:28.0300 0x080c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
15:53:28.0316 0x080c  WUDFRd - ok
15:53:28.0347 0x080c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
15:53:28.0347 0x080c  wudfsvc - ok
15:53:28.0378 0x080c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
15:53:28.0394 0x080c  WwanSvc - ok
15:53:28.0472 0x080c  ================ Scan global ===============================
15:53:28.0487 0x080c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
15:53:28.0534 0x080c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
15:53:28.0550 0x080c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
15:53:28.0597 0x080c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
15:53:28.0659 0x080c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
15:53:28.0675 0x080c  [ Global ] - ok
15:53:28.0675 0x080c  ================ Scan MBR ==================================
15:53:28.0690 0x080c  [ AF00FC1920E1CF861B39B90A4375EDF3 ] \Device\Harddisk0\DR0
15:53:28.0909 0x080c  \Device\Harddisk0\DR0 - ok
15:53:28.0924 0x080c  ================ Scan VBR ==================================
15:53:28.0924 0x080c  [ D081F37BD3D62809C092D0AEA6AD5670 ] \Device\Harddisk0\DR0\Partition1
15:53:28.0924 0x080c  \Device\Harddisk0\DR0\Partition1 - ok
15:53:28.0924 0x080c  ================ Scan generic autorun ======================
15:53:29.0158 0x080c  [ 695BE0A3D240FFF4B876D9289110634A, C4F4A2D0E09DCA92C74C805FB77C0710213CD9DD8B6D62499373F8E56B83C8A9 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
15:53:29.0252 0x080c  AvastUI.exe - ok
15:53:29.0611 0x080c  [ B2BAE2D76FBE9FDC3F6E0D1F886DF367, 964EBF736891BE252C68FCE1F9EAD5E60E6E0C2119D21C6DF49FBD30FBB678EF ] C:\Program Files\CCleaner\CCleaner64.exe
15:53:29.0751 0x080c  CCleaner Monitoring - ok
15:53:29.0767 0x080c  Waiting for KSN requests completion. In queue: 51
15:53:30.0781 0x080c  Waiting for KSN requests completion. In queue: 51
15:53:31.0795 0x080c  Waiting for KSN requests completion. In queue: 51
15:53:32.0855 0x080c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x40000 ( disabled : updated )
15:53:32.0902 0x080c  Win FW state via NFP2: enabled
15:53:35.0757 0x080c  ============================================================
15:53:35.0757 0x080c  Scan finished
15:53:35.0757 0x080c  ============================================================
15:53:35.0757 0x092c  Detected object count: 0
15:53:35.0773 0x092c  Actual detected object count: 0
15:55:19.0841 0x093c  Deinitialize success
 

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-03-30 15:58:09
-----------------------------
15:58:09.236    OS Version: Windows x64 6.1.7601 Service Pack 1
15:58:09.236    Number of processors: 1 586 0x170A
15:58:09.236    ComputerName: NICK-PC  UserName: Nick
15:58:10.078    Initialize success
15:58:10.078    VM: initialized successfully
15:58:10.078    VM: Intel CPU virtualization not supported
15:58:14.914    AVAST engine defs: 15033001
15:59:29.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:59:29.327    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
15:59:29.468    Disk 0 MBR read successfully
15:59:29.483    Disk 0 MBR scan
15:59:29.483    Disk 0 Windows 7 default MBR code
15:59:29.483    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
15:59:29.483    Disk 0 default boot code
15:59:29.530    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       227773 MB offset 3074048
15:59:29.577    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         9201 MB offset 469553152
15:59:29.733    Disk 0 scanning C:\windows\system32\drivers
15:59:39.109    Service scanning
16:00:28.327    Modules scanning
16:00:28.327    Disk 0 trace - called modules:
16:00:28.374    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
16:00:28.374    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e0e410]
16:00:28.374    3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002cef050]
16:00:28.935    AVAST engine scan C:\windows
16:00:31.088    AVAST engine scan C:\windows\system32
16:03:14.810    AVAST engine scan C:\windows\system32\drivers
16:03:27.025    AVAST engine scan C:\Users\Nick
16:06:10.779    AVAST engine scan C:\ProgramData
16:08:19.136    Disk 0 statistics 3692861/0/0 @ 4.53 MB/s
16:08:19.136    Scan finished successfully
16:10:28.070    Disk 0 MBR has been saved successfully to "C:\Users\Nick\Desktop\MBR.dat"
16:10:28.070    The log file has been saved successfully to "C:\Users\Nick\Desktop\aswMBR.txt"

 

 

Farbar Service Scanner Version: 17-01-2015
Ran by Nick (administrator) on 30-03-2015 at 16:13:27
Running from "C:\Users\Nick\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

I am still not able to complete tasks; e.g., I right click on the desktop, select "personalize", and nothing happens.  Computer still seems like many processes are working (I am basing this solely off the noise the computer is making).



#6 Oh My!


Posted 30 March 2015 - 04:01 PM

Can you give me a few more examples of things that don't work?

Please describe the noise you hear.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 SteveSteve


Posted 30 March 2015 - 05:31 PM

The noise is surely the fan.  The fan starts to be audible once I open a browser or try to perform any task.  If I click "Start" "Control Panel" not all of the options work when I click on them.  Uninstall a program seems to be the only option working.  Perhaps irrelevant, I can no longer open docx's.  I get an error message.  I have always had Word 2003, yet a converter used to be able to open newer versions of Word documents (docx).  Further, clicking on "User Accounts", and "default programs", from the start menu, does nothing.  Yet the calculator loads, as do documents, music, pictures, and the computer icon.

 

Thanks for the help.  Hope this info helps you.



#8 Oh My!


Posted 30 March 2015 - 05:44 PM

Let's run this please.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • Any difference?

Gary
 

#9 SteveSteve


Posted 31 March 2015 - 06:44 AM

ComboFix 15-03-29.01 - Nick 03/31/2015   7:21.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2937.2053 [GMT -4:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ESETUninstaller.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-28 to 2015-03-31  )))))))))))))))))))))))))))))))
.
.
2015-03-31 11:29 . 2015-03-31 11:29    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-03-31 11:29 . 2015-03-31 11:29    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-03-30 12:53 . 2015-03-30 19:49    --------    d-----w-    C:\FRST
2015-03-29 12:53 . 2015-03-29 12:54    --------    d-----w-    C:\SMCLpav
2015-03-29 12:11 . 2015-03-29 12:11    457824    ----a-w-    c:\windows\system32\drivers\272C1660.sys
2015-03-29 12:11 . 2015-03-29 12:11    --------    d-----w-    C:\KVRT_Data
2015-03-24 22:59 . 2015-03-24 22:59    --------    d-----w-    c:\programdata\McAfee
2015-03-12 00:26 . 2015-03-12 00:50    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-03-12 00:26 . 2015-03-12 00:33    --------    d-----w-    c:\programdata\RogueKiller
2015-03-10 22:53 . 2015-02-03 03:31    215552    ----a-w-    c:\windows\system32\ubpm.dll
2015-03-05 11:38 . 2015-03-05 11:38    --------    d-----w-    C:\SUPERDelete
2015-03-05 07:57 . 2015-03-05 07:57    --------    d-----w-    c:\users\Nick\AppData\Local\Hardcoded Software
2015-03-05 07:57 . 2015-03-05 07:57    --------    d-----w-    c:\program files\Hardcoded Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-24 22:59 . 2014-12-28 23:17    778928    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-24 22:59 . 2014-12-28 23:17    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-12 14:43 . 2010-02-23 23:29    116773704    ----a-w-    c:\windows\system32\MRT.exe
2015-01-27 10:22 . 2012-05-18 16:41    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2015-01-27 10:22 . 2012-05-15 21:02    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-01-27 10:22 . 2012-05-15 21:02    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-01-26 20:30 . 2015-01-14 23:58    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-26 03:15 . 2012-05-18 16:40    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-01-24 03:35 . 2012-05-15 21:02    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2015-01-12 03:10 . 2015-02-12 14:39    9056768    ----a-w-    c:\windows\system32\mshtml(7599).dll
2015-01-12 02:44 . 2015-02-12 14:39    1466368    ----a-w-    c:\windows\SysWow64\inetcpl(7696).cpl
2015-01-07 02:27 . 2015-01-07 02:27    3020    ----a-w-    c:\windows\system32\cc_20150106_212717.reg
2015-01-06 23:32 . 2012-05-18 16:40    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-01-06 23:32 . 2012-05-18 16:40    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-01-06 23:32 . 2012-05-15 21:01    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-01-06 23:27 . 2015-01-06 23:27    87912    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2015-01-06 23:27 . 2015-01-06 23:27    1050432    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2015-01-06 23:26 . 2015-02-26 08:29    364512    ----a-w-    c:\windows\system32\aswBoot.exe
2015-01-06 23:26 . 2015-01-06 23:27    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-01-06 23:26 . 2015-01-06 23:27    436624    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2015-01-06 23:26 . 2015-01-06 23:27    267632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-01-06 23:26 . 2015-01-06 23:27    116728    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2015-01-06 23:26 . 2015-01-06 23:27    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2015-01-06 23:26 . 2015-01-06 23:27    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-01-06 23:26 . 2015-01-06 23:26    43152    ----a-w-    c:\windows\avastSS.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2014-11-26 16:40 . DADDD62BEDC91BC96CFC794A2CA0D94A . 337520 . . [34.0.5] .. c:\windows\erdnt\cache86\firefox.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-16 5227648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\272C1660.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S0 272C1660;272C1660;c:\windows\system32\drivers\272C1660.sys;c:\windows\SYSNATIVE\drivers\272C1660.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS;c:\windows\SYSNATIVE\drivers\SMR311.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-03 22:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-06 23:26    860984    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: eset.com\www
Trusted Zone: eset.eu\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-81862546.sys
SafeBoot-93203563.sys
.
.
.
Completion time: 2015-03-31  07:34:11
ComboFix-quarantined-files.txt  2015-03-31 11:34
.
Pre-Run: 191,141,744,640 bytes free
Post-Run: 190,984,597,504 bytes free
.
- - End Of File - - 98754F2C40862717BCDEAD8D700214CC
AF00FC1920E1CF861B39B90A4375EDF3
 

 

Still same issues mentioned.  Additionally, opening my "firewall status" produces no results.



#10 Oh My!


Posted 31 March 2015 - 01:40 PM

Thanks for the update. Please do this.

===================================================

Windows Repair (All in One)

--------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the tweaking.com_windows_repair_aio_setup icon
  • Continually click Next, then Finish
  • If you are running in Safe Mode click OK on the Warning screen
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 3 and allow it to run See if Check Disk is Needed by clicking on the Check button:
  • If you see Errors Found On The Drive! Check Disk Is Needed click Do It in the Check Disk (If Needed) box


  • Go to Step 4 and click Do It under System File Check


  • Go to Step 5 and click Create under System Restore


  • Go to the Repairs tab and click Open Repairs


  • Leave the default check marks and click Start Repairs


  • Your computer will reboot upon completion
  • Using Windows Explorer navigate to the following file location

For 64 bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
For 32 bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

  • Copy and paste (or attach if necessary) the contents of the log in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Windows Repair log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!


Posted 03 April 2015 - 07:14 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#12 SteveSteve


Posted 05 April 2015 - 09:58 AM

Yes, I need help.  Sorry for the delay.  Should I download the latest version of the above?  As is, I had problems with the "do it" part of step 3.  My log will be pasted very soon.



#13 SteveSteve


Posted 05 April 2015 - 09:59 AM

Meaning errors were found on the drive but the "do it" was not working.  The version I was using did not look like the one above.



#14 SteveSteve


Posted 05 April 2015 - 01:50 PM

Tweaking.com - Windows Repair v3.1.1
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: NICK-PC
Windows Drive: C:\
Windows Path: C:\windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Nick
Current Profile SID: S-1-5-21-3565968102-2038924888-3838231409-1002
Current Profile Classes: S-1-5-21-3565968102-2038924888-3838231409-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\windows\ServiceProfiles
Local Settings AppData: C:\Users\Nick\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 02:21:36

Process Count: 40
Commit Total: 1.04 GB
Commit Limit: 5.73 GB
Commit Peak: 1.04 GB
Handle Count: 12005
Kernel Total: 359.25 MB
Kernel Paged: 304.04 MB
Kernel Non Paged: 55.21 MB
System Cache: 1.61 GB
Thread Count: 557
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.87 GB
Memory Used: 1,010.91 MB(34.421%)
Memory Avail.: 1.88 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2.87 GB
Memory Used: 909.99 MB(30.9849%)
Memory Avail.: 1.98 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (4/5/2015 2:14:33 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 6
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (4/5/2015 2:14:34 PM)

   Running Repair Under Current User Account
   Done (4/5/2015 2:15:02 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (4/5/2015 2:15:02 PM)


Decompressing & Updating Windows Permission File services.txt
Done,  0.23 seconds.

   Running Repair Under System Account
   Done (4/5/2015 2:23:55 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (4/5/2015 2:23:55 PM)

   Running Repair Under System Account
   Done (4/5/2015 2:25:58 PM)

03 - Reset Service Permissions
   Start (4/5/2015 2:25:58 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:26:09 PM)

04 - Register System Files
   Start (4/5/2015 2:26:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:26:47 PM)

05 - Repair WMI
   Start (4/5/2015 2:26:47 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   avast! Antivirus Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   avast! Antivirus Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (4/5/2015 2:29:14 PM)

06 - Repair Windows Firewall
   Start (4/5/2015 2:29:14 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Done (4/5/2015 2:29:49 PM)

07 - Repair Internet Explorer
   Start (4/5/2015 2:29:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:30:22 PM)

08 - Repair MDAC/MS Jet
   Start (4/5/2015 2:30:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:30:35 PM)

09 - Repair Hosts File
   Start (4/5/2015 2:30:35 PM)
   Running Repair Under System Account
   Done (4/5/2015 2:30:36 PM)

10 - Remove Policies Set By Infections
   Start (4/5/2015 2:30:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:30:40 PM)

12 - Repair Icons
   Start (4/5/2015 2:30:40 PM)
   Running Repair Under Current User Account
   Done (4/5/2015 2:30:41 PM)

13 - Repair Winsock & DNS Cache
   Start (4/5/2015 2:30:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:31:00 PM)

15 - Repair Proxy Settings
   Start (4/5/2015 2:31:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:31:02 PM)

17 - Repair Windows Updates
   Start (4/5/2015 2:31:02 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (4/5/2015 2:31:31 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (4/5/2015 2:31:31 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (4/5/2015 2:31:31 PM)

19 - Repair Volume Shadow Copy Service
   Start (4/5/2015 2:31:31 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.16 seconds.

   Running Repair Under System Account
   Done (4/5/2015 2:31:56 PM)

21 - Repair MSI (Windows Installer)
   Start (4/5/2015 2:31:56 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Done (4/5/2015 2:32:12 PM)

23.01 - Repair bat Association
   Start (4/5/2015 2:32:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:14 PM)

23.02 - Repair cmd Association
   Start (4/5/2015 2:32:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:16 PM)

23.03 - Repair com Association
   Start (4/5/2015 2:32:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:19 PM)

23.04 - Repair Directory Association
   Start (4/5/2015 2:32:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:21 PM)

23.05 - Repair Drive Association
   Start (4/5/2015 2:32:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:23 PM)

23.06 - Repair exe Association
   Start (4/5/2015 2:32:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:25 PM)

23.07 - Repair Folder Association
   Start (4/5/2015 2:32:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:28 PM)

23.08 - Repair inf Association
   Start (4/5/2015 2:32:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:30 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (4/5/2015 2:32:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:32 PM)

23.10 - Repair msc Association
   Start (4/5/2015 2:32:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:34 PM)

23.11 - Repair reg Association
   Start (4/5/2015 2:32:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:37 PM)

23.12 - Repair scr Association
   Start (4/5/2015 2:32:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:39 PM)

24 - Repair Windows Safe Mode
   Start (4/5/2015 2:32:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:32:41 PM)

25 - Repair Print Spooler
   Start (4/5/2015 2:32:41 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.16 seconds.

   Running Repair Under System Account
   Done (4/5/2015 2:32:57 PM)

26 - Restore Important Windows Services
   Start (4/5/2015 2:32:57 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.14 seconds.

   Running Repair Under System Account
   Done (4/5/2015 2:33:10 PM)

27 - Set Windows Services To Default Startup
   Start (4/5/2015 2:33:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:33:16 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

31 - Repair Windows 'New' Submenu
   Start (4/5/2015 2:33:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/5/2015 2:33:18 PM)

33 - Repair Performance Counters
   Start (4/5/2015 2:33:18 PM)
   Running Repair Under Current User Account
   Done (4/5/2015 2:33:29 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (4/5/2015 2:33:30 PM)
   Total Repair Time: 00:18:59


...YOU MUST RESTART YOUR SYSTEM...

 

 

Still same issues.  I have noticed reoccurring issues with the volume bar, and I believe I have duplicate files... I hope this helps.

 

The action above also generated various other logs.  Would you like those, as well?



#15 Oh My!


Posted 05 April 2015 - 02:12 PM

The All in One was modified. Please do this.

===================================================

Running chkdsk with Report

--------------------
  • Copy and paste the following in the Run box and click OK

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskreport.txt"

  • A black command window will open on your desktop and remain empty for a few minutes
  • When completed a chkdskreport.txt will appear on your desktop
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • chkdsk report

Gary
 



