Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ex boyfriend possibly monitoring my activity??


  • This topic is locked This topic is locked
26 replies to this topic

#1 whosyodaddy

whosyodaddy

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 11 December 2015 - 03:03 PM

This has happened in the past - my ex-boyfriend has hacked my computer and was remotely monitoring my every move.  He owns a computer repair business, so he is more the capable and knowledgeable.

 

Lately, my cursor has been moving all over the screen on my laptop, and he seems to always know where I am or where I'm going to be.  I've stopped receiving email in my Outlook acct, and when I changed my password 2 days ago, I suddenly stopped receiving the texted verification codes needed to complete the sign-in.  So, I'm assuming he has accessed my email acct as well.

 

I'm due to start a new job soon and have been waiting for an email with my start date, so his access has me quite concerned. 

 

I did a clean install of Windows 7 on my laptop in July, and reformatted the HD to make sure there was nothing left that he may have installed previously.  In the past few days, I've run a variety of security programs which showed hidden files and other abnormalities.

 

Here is the FRST64 log:  (by the way, the Addition.txt shows a number of error msgs concerning the "Sign-in Assistant", but I have never used Sign-in Assistant.)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by YoMama (administrator) on YOMAMA-PC (11-12-2015 12:02:04)
Running from C:\Users\YoMama\Downloads
Loaded Profiles: YoMama (Available Profiles: YoMama & Whosyodaddy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKU\S-1-5-21-673365390-293152479-3159748500-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-673365390-293152479-3159748500-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-673365390-293152479-3159748500-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-673365390-293152479-3159748500-1001\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{EF9BFC52-8BD2-4C35-B5EC-ABB489085C58}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-673365390-293152479-3159748500-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-673365390-293152479-3159748500-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-673365390-293152479-3159748500-1000 -> DefaultScope {5DADCA63-506F-4252-B10F-EC1D2CC8FEDE} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-673365390-293152479-3159748500-1000 -> {5DADCA63-506F-4252-B10F-EC1D2CC8FEDE} URL = hxxps://www.google.com/search?q={searchTerms}

FireFox:
========
FF ProfilePath: C:\Users\YoMama\AppData\Roaming\Mozilla\Firefox\Profiles\5zusdo9v.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-26] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2014-12-31] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3440408 2015-03-23] (Intel Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 11:58 - 2015-12-11 11:58 - 00043946 _____ C:\Users\YoMama\Desktop\121115 FRST.txt
2015-12-10 22:35 - 2015-12-10 22:35 - 00043523 _____ C:\Users\YoMama\Desktop\FRST.txt
2015-12-10 22:34 - 2015-12-10 22:34 - 00026950 _____ C:\Users\YoMama\Desktop\Addition.txt
2015-12-10 22:19 - 2015-12-11 12:02 - 00007571 _____ C:\Users\YoMama\Downloads\FRST.txt
2015-12-10 22:19 - 2015-12-10 22:19 - 00026950 _____ C:\Users\YoMama\Downloads\Addition.txt
2015-12-10 22:18 - 2015-12-11 12:02 - 00000000 ____D C:\FRST
2015-12-10 22:18 - 2015-12-10 22:18 - 02369024 _____ (Farbar) C:\Users\YoMama\Downloads\FRST64.exe
2015-12-10 22:09 - 2015-12-10 22:09 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\YoMama\Downloads\rkill.exe
2015-12-10 22:09 - 2015-12-10 22:09 - 00002120 _____ C:\Users\YoMama\Desktop\Rkill.txt
2015-12-10 21:58 - 2015-12-10 21:59 - 00000000 ____D C:\Users\YoMama\Downloads\vba32arkit
2015-12-10 21:58 - 2015-12-10 21:58 - 01472131 _____ C:\Users\YoMama\Downloads\vba32arkit.zip
2015-12-10 21:53 - 2015-12-10 21:53 - 00011198 _____ C:\Users\YoMama\Documents\combofixlog.txt
2015-12-10 21:52 - 2015-12-10 21:52 - 00011198 _____ C:\ComboFix.txt
2015-12-10 21:16 - 2015-12-10 21:16 - 00085240 _____ C:\Users\YoMama\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-10 21:14 - 2015-12-10 21:15 - 05640425 ____R (Swearware) C:\Users\YoMama\Downloads\ComboFix.exe
2015-12-10 21:10 - 2015-12-10 21:10 - 20829256 _____ C:\Users\YoMama\Downloads\RogueKiller (1).exe
2015-12-10 20:47 - 2015-12-10 21:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-10 20:47 - 2015-12-10 20:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-10 20:46 - 2015-12-10 20:46 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-10 20:45 - 2015-12-10 21:09 - 00000000 ____D C:\Users\YoMama\Desktop\mbar
2015-12-10 20:45 - 2015-12-10 20:45 - 16563352 _____ (Malwarebytes Corp.) C:\Users\YoMama\Downloads\mbar-1.09.3.1001.exe
2015-12-10 20:40 - 2015-12-10 20:40 - 00001140 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-12-10 20:40 - 2015-12-10 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-12-10 20:40 - 2015-12-10 20:40 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2015-12-10 20:40 - 2015-12-10 20:40 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2015-12-10 20:40 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-12-10 20:39 - 2015-12-10 20:39 - 03719928 _____ (Zemana Ltd. ) C:\Users\YoMama\Downloads\AntiLoggerFree_Setup.exe
2015-12-10 20:39 - 2015-12-10 20:39 - 00000000 ____D C:\Users\YoMama\AppData\Local\Zemana
2015-12-10 20:39 - 2015-12-10 20:39 - 00000000 ____D C:\Users\YoMama\AppData\Local\AntiLogger Free
2015-12-10 20:29 - 2015-12-10 20:29 - 00957952 _____ (Farbar) C:\Users\YoMama\Downloads\ListParts64.exe
2015-12-10 20:29 - 2015-12-10 20:29 - 00006123 _____ C:\Users\YoMama\Downloads\Result.txt
2015-12-10 19:59 - 2015-12-10 19:59 - 00047126 _____ C:\Users\YoMama\Desktop\startuplist.txt
2015-12-10 19:58 - 2015-12-10 19:58 - 00000000 ____D C:\Users\YoMama\Desktop\backups
2015-12-10 19:54 - 2015-12-10 19:54 - 01153912 _____ (Emsi Software GmbH) C:\Users\YoMama\Downloads\BlitzBlank.exe
2015-12-10 19:45 - 2015-12-10 19:50 - 00181854 _____ C:\TDSSKiller.3.1.0.8_10.12.2015_19.45.49_log.txt
2015-12-10 19:44 - 2015-12-10 19:44 - 04676456 _____ (Kaspersky Lab ZAO) C:\Users\YoMama\Desktop\iexploer.exe
2015-12-10 19:35 - 2015-12-10 19:35 - 00000689 _____ C:\Users\YoMama\Desktop\JRT.txt
2015-12-10 19:33 - 2015-12-10 19:33 - 00000000 ____D C:\AdwCleaner
2015-12-10 19:14 - 2015-12-10 19:14 - 20829256 _____ C:\Users\YoMama\Downloads\RogueKiller.exe
2015-12-10 16:32 - 2015-12-11 11:55 - 00051006 _____ C:\Windows\ntbtlog.txt
2015-12-10 16:32 - 2015-12-10 16:32 - 00333104 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-07 23:12 - 2015-12-07 23:12 - 00015317 _____ C:\Users\YoMama\Desktop\dds.txt
2015-12-07 23:12 - 2015-12-07 23:12 - 00012694 _____ C:\Users\YoMama\Desktop\attach.txt
2015-12-07 22:26 - 2015-12-07 22:26 - 00054462 _____ C:\Users\YoMama\Desktop\Extras.Txt
2015-12-07 22:25 - 2015-12-07 22:25 - 00329774 _____ C:\Users\YoMama\Desktop\OTL.Txt
2015-12-07 18:54 - 2015-12-07 18:54 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-07 18:54 - 2015-12-07 18:54 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-07 18:54 - 2015-12-07 18:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-07 18:53 - 2015-12-07 18:53 - 00243656 _____ C:\Users\YoMama\Downloads\Firefox Setup Stub 42.0 (1).exe
2015-11-30 14:50 - 2015-11-30 14:50 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-28 16:22 - 2015-11-28 16:22 - 00000000 ____D C:\Users\YoMama\AppData\LocalLow\Adobe
2015-11-28 16:22 - 2015-11-28 16:22 - 00000000 ____D C:\Users\YoMama\AppData\Local\CEF
2015-11-28 16:19 - 2015-11-28 16:24 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-28 16:18 - 2015-11-28 16:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-28 16:18 - 2015-11-28 16:18 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-28 16:16 - 2015-11-28 16:16 - 00332812 _____ C:\Users\YoMama\Downloads\1954-Chevrolet-Corvette.pdf
2015-11-24 21:12 - 2015-11-24 21:12 - 00000000 ____D C:\Users\YoMama\AppData\Roaming\EPSON
2015-11-24 19:40 - 2015-11-24 19:40 - 00000930 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-11-24 19:40 - 2015-11-24 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-11-24 19:40 - 2015-11-24 19:40 - 00000000 ____D C:\Program Files (x86)\epson
2015-11-24 19:40 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2015-11-24 19:40 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\Windows\system32\esxcdev.dll
2015-11-24 19:40 - 2009-03-13 00:00 - 00230912 _____ (Seiko Epson Corp.) C:\Windows\system32\esxuin7c.dll
2015-11-24 19:40 - 2009-03-13 00:00 - 00221184 _____ (Seiko Epson Corp.) C:\Windows\SysWOW64\esint7c.dll
2015-11-24 19:40 - 2009-03-13 00:00 - 00065793 _____ C:\Windows\system32\esfw7c.bin
2015-11-24 19:40 - 2007-11-29 00:00 - 00084992 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxwia7c.dll
2015-11-24 19:40 - 2006-03-10 00:00 - 00004608 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxwiaml.dll
2015-11-24 19:39 - 2015-11-24 19:40 - 11385120 _____ C:\Users\YoMama\Downloads\epson13936.exe
2015-11-24 17:50 - 2015-11-03 14:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-24 17:50 - 2015-11-03 13:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-24 17:50 - 2015-10-30 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-24 17:50 - 2015-10-30 15:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-24 17:50 - 2015-10-30 15:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-24 17:50 - 2015-10-30 15:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-24 17:50 - 2015-10-30 15:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-24 17:50 - 2015-10-30 15:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-24 17:50 - 2015-10-30 14:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-24 17:50 - 2015-10-30 14:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-24 17:50 - 2015-10-30 14:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-24 17:50 - 2015-10-30 14:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-24 17:50 - 2015-10-30 14:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-24 17:50 - 2015-10-30 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-24 17:50 - 2015-10-30 14:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-24 17:50 - 2015-10-30 14:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-24 17:50 - 2015-10-30 14:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-24 17:50 - 2015-10-30 14:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-24 17:50 - 2015-10-30 14:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-24 17:50 - 2015-10-30 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-24 17:50 - 2015-10-30 14:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-24 17:50 - 2015-10-30 14:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-24 17:50 - 2015-10-30 14:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-24 17:50 - 2015-10-30 14:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-24 17:50 - 2015-10-30 14:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-24 17:50 - 2015-10-30 14:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-24 17:50 - 2015-10-30 14:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-24 17:50 - 2015-10-30 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-24 17:50 - 2015-10-30 14:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-24 17:50 - 2015-10-30 14:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-24 17:50 - 2015-10-30 14:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-24 17:50 - 2015-10-30 14:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-24 17:50 - 2015-10-30 14:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-24 17:50 - 2015-10-30 14:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-24 17:50 - 2015-10-30 13:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-24 17:50 - 2015-10-30 13:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-24 17:49 - 2015-10-30 15:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-24 17:49 - 2015-10-30 15:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-24 17:49 - 2015-10-30 15:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-24 17:49 - 2015-10-30 15:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-24 17:49 - 2015-10-30 15:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-24 17:49 - 2015-10-30 15:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-24 17:49 - 2015-10-30 15:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-24 17:49 - 2015-10-30 15:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-24 17:49 - 2015-10-30 15:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-24 17:49 - 2015-10-30 15:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-24 17:49 - 2015-10-30 15:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-24 17:49 - 2015-10-30 15:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-24 17:49 - 2015-10-30 15:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-24 17:49 - 2015-10-30 14:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-24 17:49 - 2015-10-30 14:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-24 17:49 - 2015-10-30 14:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-24 17:49 - 2015-10-30 14:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-24 17:49 - 2015-10-30 14:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-24 17:49 - 2015-10-30 14:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-24 17:49 - 2015-10-30 14:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-24 17:49 - 2015-10-30 14:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-24 17:49 - 2015-10-30 14:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-24 17:49 - 2015-10-30 14:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-24 17:49 - 2015-10-30 14:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-24 17:49 - 2015-10-30 14:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-24 17:49 - 2015-10-30 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-24 17:49 - 2015-10-30 13:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-24 17:49 - 2015-10-30 13:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-24 17:49 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-24 17:49 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-24 17:49 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-24 17:49 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-24 17:49 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-24 17:49 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-24 17:49 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-24 17:49 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-24 17:49 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-24 17:49 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-24 17:49 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-24 17:48 - 2015-11-03 09:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-24 17:48 - 2015-10-20 10:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-24 17:48 - 2015-10-20 10:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-24 17:48 - 2015-10-20 10:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-24 17:48 - 2015-10-20 10:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-24 17:48 - 2015-10-20 10:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-24 17:48 - 2015-10-20 10:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-24 17:48 - 2015-10-20 10:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-24 17:48 - 2015-10-20 10:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-24 17:48 - 2015-10-20 10:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-24 17:48 - 2015-10-20 10:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-24 17:48 - 2015-10-20 10:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-24 17:48 - 2015-10-20 09:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-24 17:48 - 2015-10-20 09:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-24 17:48 - 2015-10-20 09:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-24 17:48 - 2015-10-20 09:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-24 17:48 - 2015-10-20 09:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-24 17:48 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-24 17:48 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-24 17:48 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-24 17:48 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-24 17:48 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-24 17:48 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-24 17:48 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-24 17:48 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-24 17:48 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-24 17:48 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-24 17:48 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-24 17:48 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-24 17:48 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-24 17:48 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-24 17:48 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-24 17:48 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-24 17:48 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-24 17:48 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-24 17:48 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-24 17:48 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-24 17:48 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-24 17:48 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-24 17:48 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-24 17:48 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-24 17:48 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-24 17:48 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-24 17:48 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-24 17:48 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-24 17:48 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-24 17:48 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-24 17:48 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-24 17:48 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-24 17:48 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-24 17:48 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-24 17:48 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-24 17:48 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-24 17:48 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-24 17:48 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-24 17:48 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-24 17:48 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-24 17:48 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-24 17:45 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-24 17:43 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-24 17:43 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-24 17:32 - 2015-11-24 17:32 - 00000000 ____D C:\$Windows.~BT
2015-11-24 17:30 - 2015-11-24 17:30 - 00000000 ____D C:\Windows\SysWOW64\syncdb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 11:15 - 2009-07-13 20:45 - 00026064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 11:15 - 2009-07-13 20:45 - 00026064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 11:14 - 2009-07-13 21:13 - 00707928 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-11 11:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-11 11:09 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-11 11:08 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-11 11:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-11 11:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-10 21:52 - 2015-04-07 19:35 - 00000000 ____D C:\Qoobox
2015-12-10 21:51 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2015-12-10 21:42 - 2015-11-05 22:04 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-12-10 21:10 - 2015-09-25 19:27 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-10 20:47 - 2015-04-07 18:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-10 18:37 - 2015-10-13 12:20 - 00000000 ____D C:\Users\YoMama\AppData\Local\CrashDumps
2015-12-10 15:52 - 2015-08-14 12:56 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-09 17:31 - 2015-08-06 18:42 - 00085240 _____ C:\Users\Whosyodaddy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-08 19:39 - 2010-11-20 19:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-08 18:13 - 2015-04-21 19:33 - 00000000 ____D C:\Users\YoMama\AppData\Local\ElevatedDiagnostics
2015-12-06 18:28 - 2015-10-25 00:09 - 00000000 ____D C:\Program Files (x86)\Fotor
2015-11-29 17:56 - 2015-07-08 19:08 - 00000000 ____D C:\Users\YoMama\AppData\Local\Windows Live
2015-11-28 16:23 - 2015-09-25 16:11 - 00000000 ____D C:\ProgramData\Adobe
2015-11-28 16:22 - 2015-09-26 11:20 - 00000000 ____D C:\Users\YoMama\AppData\Local\Adobe
2015-11-28 16:22 - 2015-04-11 22:32 - 00000000 ____D C:\Users\YoMama\AppData\Roaming\Adobe
2015-11-28 16:18 - 2015-09-25 16:11 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-28 13:04 - 2015-04-05 16:41 - 00000000 ____D C:\Users\YoMama
2015-11-25 08:03 - 2015-09-26 11:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-25 08:03 - 2015-09-26 11:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-24 23:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-11-24 19:23 - 2015-09-26 11:45 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-24 19:23 - 2015-09-26 11:45 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-24 19:20 - 2015-05-08 18:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-11-24 18:10 - 2015-04-27 19:41 - 00000000 ____D C:\Windows\system32\MRT
2015-11-24 18:07 - 2015-04-11 23:32 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-24 18:00 - 2015-07-14 22:06 - 00729764 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-24 17:32 - 2015-04-05 17:13 - 00000000 ____D C:\Windows\Panther

==================== Files in the root of some directories =======

2015-05-08 18:35 - 2015-08-05 21:22 - 0001192 _____ () C:\Users\YoMama\AppData\Roaming\wklnhst.dat
2015-10-12 21:29 - 2015-10-12 21:29 - 0007640 _____ () C:\Users\YoMama\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-11 09:54

==================== End of FRST.txt ============================


Edited by whosyodaddy, 11 December 2015 - 03:12 PM.


BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 11 December 2015 - 08:16 PM

Hello whosyodaddy and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
 

Addition.txt is created by default from the first run of FRST, can you check inside this folder: C:\FRST\Logs I need to see that log before we progress. If no Addition log inside the Logs folder run FRST scan one more time, ensure "Addition" is checked in the optional scan box...

Attached Images

 

Ashampoo_Snap_20140927_13h17m38s_001_Far

 

Sincerely  . :hello:

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 whosyodaddy

whosyodaddy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 12 December 2015 - 02:51 AM

Thank you, Yılmaz, for responding to my problem.  Before we go any further, I've developed a new "issue".  My son went into the Services and changed the start up type on the Group Policy service from Automatic to Disabled!  Now, I have NO administrative privileges; I cannot access the services to change the start up type back.  I can't access regedit, or system restore, nor run a command prompt as administrator. 

 

I haven't shut the laptop down since he made the change and am afraid that when/if I do, my account will be locked out.  Not sure what to do to fix it yet.  If you have any suggestions, I am open to trying about anything at this point.

 

Also, I read your instructions above and will follow them as you requested.  In return, if you could help me tell me what you see and what you find in the logs that is abnormal so I can understand and know what to look for in the future, I would greatly appreciate it.

 

In the meantime, here is the Addition.txt info:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by YoMama (2015-12-11 12:02:18)
Running from C:\Users\YoMama\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-04-06 00:41:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-673365390-293152479-3159748500-500 - Administrator - Disabled)
Guest (S-1-5-21-673365390-293152479-3159748500-501 - Limited - Disabled)
Whosyodaddy (S-1-5-21-673365390-293152479-3159748500-1001 - Limited - Enabled) => C:\Users\Whosyodaddy
YoMama (S-1-5-21-673365390-293152479-3159748500-1000 - Administrator - Enabled) => C:\Users\YoMama

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Fotor 2.0.3 (HKLM-x32\...\Fotor) (Version: 2.0.3 - Everimaging Co., Ltd.)
Garmin BaseCamp (HKLM-x32\...\{0D7C8884-192D-4E2D-A635-B282B3647E45}) (Version: 4.4.7 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{42f02a91-da9c-48e1-8dc5-37f4449db969}) (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 1.5.0 - Tweaking.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WordPerfect Office X3 (HKLM-x32\...\{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: 13.1 - Corel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-673365390-293152479-3159748500-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

28-11-2015 15:22:40 Windows Update
29-11-2015 15:53:13 Windows Update
02-12-2015 18:12:51 Windows Update
07-12-2015 11:31:30 Windows Update
10-12-2015 15:57:14 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
10-12-2015 18:45:13 Windows Update
10-12-2015 19:34:39 JRT Pre-Junkware Removal
11-12-2015 11:03:17 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-12-10 21:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {180D8FFE-8875-4B0B-B025-ECB66B6B2617} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-26] (Google Inc.)
Task: {69432C37-D5CF-45EA-B6A2-C0EFCE415912} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {DAC18583-DD0C-48A5-A86D-DC57F0A561B7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E7E30A61-D36F-409A-8E77-7B94C782D0D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-26] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-673365390-293152479-3159748500-1000\...\google.com -> hxxps://www.google.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-673365390-293152479-3159748500-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\YoMama\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{272938DB-1754-4511-9981-CF5C669AAE3F}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{5B45643E-D389-4671-B3D1-0CD99F765880}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{D3AE5D9D-E031-4B2D-82BD-05FC27E54CF8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F5ADC659-63E0-4830-A943-04F953F34858}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F05A29F8-E178-49A9-ACBD-DF83F2023B74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: TOSHIBA Web Camera - HD
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2015 06:37:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x900
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (12/10/2015 06:35:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xa7c
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (12/10/2015 02:51:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b1c

Start Time: 01d1339a0a2ed4c4

Termination Time: 16

Application Path: C:\Windows\explorer.exe

Report Id: 78951b6f-9f90-11e5-a342-e4e34ae5afc5

Error: (12/09/2015 07:50:20 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (12/08/2015 09:16:33 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (12/08/2015 08:46:12 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (12/07/2015 11:28:32 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (12/06/2015 10:42:21 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (12/06/2015 10:27:02 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (12/06/2015 07:43:36 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

System errors:
=============
Error: (12/11/2015 11:19:20 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (12/11/2015 11:19:12 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (12/11/2015 11:15:42 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/11/2015 11:15:42 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/11/2015 11:09:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (12/11/2015 11:09:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:
%%1058

Error: (12/11/2015 11:09:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (12/11/2015 11:09:11 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (12/11/2015 11:09:11 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (12/11/2015 09:24:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

CodeIntegrity:
===================================
  Date: 2015-12-10 21:20:11.619
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-10 21:20:11.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-11 21:46:15.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-11 21:46:15.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-11 21:46:15.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-11 21:46:15.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-11 21:46:15.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-11 21:46:15.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 28%
Total physical RAM: 6059.79 MB
Available physical RAM: 4344.56 MB
Total Virtual: 12117.78 MB
Available Virtual: 10363.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:648.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 3FB77548)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 whosyodaddy

whosyodaddy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 12 December 2015 - 03:45 AM

UPDATE:  The Admin issue is fixed.  :bananas: 



#5 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 12 December 2015 - 11:27 AM

UPDATE:  The Admin issue is fixed.  :bananas: 

Good,

===================

It looks clean your system.

 

Step 1:
 FRST Script:
 Please download this attached Attached File  Fixlist.txt   1.16KB   7 downloads and save it in the same directory as FRST.txt.gif

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 whosyodaddy

whosyodaddy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 12 December 2015 - 03:08 PM

Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by YoMama (2015-12-12 11:17:00) Run:1
Running from C:\Users\YoMama\Downloads
Loaded Profiles: YoMama (Available Profiles: YoMama & Whosyodaddy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-673365390-293152479-3159748500-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-673365390-293152479-3159748500-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-673365390-293152479-3159748500-1001\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-673365390-293152479-3159748500-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF ProfilePath: C:\Users\YoMama\AppData\Roaming\Mozilla\Firefox\Profiles\5zusdo9v.default
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U5 AppMgmt; C:\Windows\system32\svchost.exe
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\YoMama\AppData\Roaming\wklnhst.dat
cmd: type C:\Users\YoMama\Desktop\startuplist.txt
cmd: type C:\ComboFix.txt
cmd: type C:\TDSSKiller.3.1.0.8_10.12.2015_19.45.49_log.txt
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Reboot:

 
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-673365390-293152479-3159748500-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value removed successfully
HKU\S-1-5-21-673365390-293152479-3159748500-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value removed successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-673365390-293152479-3159748500-1001\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-673365390-293152479-3159748500-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
FF ProfilePath: C:\Users\YoMama\AppData\Roaming\Mozilla\Firefox\Profiles\5zusdo9v.default => FRST is scripted not to move this directory.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
AppMgmt => service removed successfully
catchme => service removed successfully
C:\Users\YoMama\AppData\Roaming\wklnhst.dat => moved successfully

=========  type C:\Users\YoMama\Desktop\startuplist.txt =========

StartupList report, 12/10/2015, 7:59:21 PM
StartupList version: 1.52.2
Started from : C:\Users\YoMama\Desktop\HijakThis.EXE
Detected: Windows 7 SP1 (WinNT 6.00.3505)
Detected: Internet Explorer v11.0 (11.00.9600.18098)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\YoMama\Downloads\BlitzBlank.exe
C:\Users\YoMama\Desktop\HijakThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\YoMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\SYSTEM32\Userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\PhotoScreensaver.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #5: C:\Windows\System32\mswsock.dll
NameSpace #6: C:\Windows\System32\winrnr.dll
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

1394 OHCI Compliant Host Controller: \SystemRoot\system32\drivers\1394ohci.sys (manual start)
Microsoft ACPI Driver: system32\drivers\ACPI.sys (system)
ACPI Power Meter Driver: \SystemRoot\system32\drivers\acpipmi.sys (manual start)
Adobe Acrobat Update Service: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" (autostart)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (manual start)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (manual start)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (manual start)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (manual start)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (manual start)
AMD Processor Driver: \SystemRoot\system32\drivers\amdppm.sys (manual start)
amdsata: \SystemRoot\system32\drivers\amdsata.sys (manual start)
amdsbs: \SystemRoot\system32\drivers\amdsbs.sys (manual start)
amdxata: system32\drivers\amdxata.sys (system)
@%systemroot%\system32\appidsvc.dll,-102: \SystemRoot\system32\drivers\appid.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\drivers\arc.sys (manual start)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (manual start)
@%systemroot%\system32\rascfg.dll,-32000: system32\DRIVERS\asyncmac.sys (disabled)
IDE Channel: system32\drivers\atapi.sys (system)
Atheros Extensible Wireless LAN device driver: system32\DRIVERS\athrx.sys (manual start)
Windows Audio Endpoint Builder: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom NetXtreme II VBD: \SystemRoot\system32\drivers\bxvbda.sys (disabled)
Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0: system32\DRIVERS\b57nd60a.sys (disabled)
@%SystemRoot%\system32\bdesvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
blbdrive: system32\DRIVERS\blbdrive.sys (system)
@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\BrFiltLo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\BrFiltUp.sys (manual start)
@%SystemRoot%\system32\bridgeres.dll,-1: system32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\System32\Drivers\Brserid.sys (disabled)
Brother WDM Serial driver: \SystemRoot\System32\Drivers\BrSerWdm.sys (disabled)
Brother MFC USB Fax Only Modem: \SystemRoot\System32\Drivers\BrUsbMdm.sys (manual start)
Brother MFC USB Serial WDM Driver: \SystemRoot\System32\Drivers\BrUsbSer.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (manual start)
Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (disabled)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (manual start)
@%SystemRoot%\system32\clfs.sys,-100: System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v2.0.50727_X64: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
Microsoft .NET Framework NGEN v4.0.30319_X64: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (autostart)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (manual start)
: System32\Drivers\cng.sys (system)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
Composite Bus Enumerator Driver: system32\DRIVERS\CompositeBus.sys (manual start)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Intel® Content Protection HECI Service: %SystemRoot%\SysWow64\IntelCpHeciSvc.exe (manual start)
Crcdisk Filter Driver: \SystemRoot\system32\drivers\crcdisk.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\UtcResources.dll,-3001: %SystemRoot%\System32\svchost.exe -k utcsvc (autostart)
@%systemroot%\system32\drivers\discache.sys,-102: System32\drivers\discache.sys (system)
Disk Driver: system32\drivers\disk.sys (system)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Trusted Audio Drivers: \SystemRoot\system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
Extensible Authentication Protocol: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Broadcom NetXtreme II 10 GigE VBD: \SystemRoot\system32\drivers\evbda.sys (disabled)
Encrypting File System (EFS): %SystemRoot%\System32\lsass.exe (autostart)
Windows Media Center Receiver Service: %systemroot%\ehome\ehRecvr.exe (disabled)
Windows Media Center Scheduler Service: %systemroot%\ehome\ehsched.exe (disabled)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (disabled)
Microsoft Hardware Error Device Driver: \SystemRoot\system32\drivers\errdev.sys (manual start)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Intel® PROSet/Wireless Event Log: "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" (autostart)
Floppy Disk Controller Driver: \SystemRoot\system32\drivers\fdc.sys (manual start)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Function Discovery Resource Publication: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
@%SystemRoot%\system32\drivers\fileinfo.sys,-100: system32\drivers\fileinfo.sys (system)
@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: \SystemRoot\system32\drivers\flpydisk.sys (manual start)
@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)
Windows Font Cache Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)
@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
Garmin Device Interaction Service: "C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe" (disabled)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Google Update Service (gupdate): "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (disabled)
Google Update Service (gupdatem): "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (disabled)
Hauppauge Consumer Infrared Receiver: \SystemRoot\system32\drivers\hcw85cir.sys (disabled)
Microsoft 1.1 UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
HID UPS Battery Driver: \SystemRoot\system32\drivers\HidBatt.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (manual start)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (manual start)
Human Interface Device Access: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HomeGroup Listener: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (disabled)
HomeGroup Provider: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (disabled)
HpSAMD: \SystemRoot\system32\drivers\HpSAMD.sys (manual start)
@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)
@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (manual start)
Intel RAID Controller Windows 7: \SystemRoot\system32\drivers\iaStorV.sys (manual start)
@%SystemRoot%\system32\ieetwcollectorres.dll,-1000: %SystemRoot%\system32\IEEtwCollector.exe /V (manual start)
igfx: system32\DRIVERS\igdkmd64.sys (manual start)
Intel® HD Graphics Control Panel Service: %SystemRoot%\system32\igfxCUIService.exe (disabled)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (manual start)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
intelide: \SystemRoot\system32\drivers\intelide.sys (manual start)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (manual start)
PnP-X IP Bus Enumerator: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
IP Helper: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IPMIDRV: \SystemRoot\system32\drivers\IPMIDrv.sys (manual start)
IP Network Address Translator: System32\drivers\ipnat.sys (manual start)
@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)
isapnp: \SystemRoot\system32\drivers\isapnp.sys (manual start)
iScsiPort Driver: \SystemRoot\system32\drivers\msiscsi.sys (manual start)
Intel® Smart Connect Technology Device Driver: system32\DRIVERS\ISCTD64.sys (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (manual start)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (manual start)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
: System32\Drivers\ksecdd.sys (system)
: System32\Drivers\ksecpkg.sys (system)
Kernel Streaming Thunks: \SystemRoot\system32\drivers\ksthunk.sys (manual start)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Workstation: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (manual start)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (manual start)
LSI_SAS2: \SystemRoot\system32\drivers\lsi_sas2.sys (manual start)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (manual start)
@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
megasas: \SystemRoot\system32\drivers\megasas.sys (manual start)
MegaSR: \SystemRoot\system32\drivers\MegaSR.sys (manual start)
Intel® Management Engine Interface : system32\DRIVERS\TeeDriverx64.sys (manual start)
Multimedia Class Scheduler: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
: system32\drivers\modem.sys (disabled)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)
Microsoft Malware Protection Driver: system32\DRIVERS\MpFilter.sys (system)
mpio: \SystemRoot\system32\drivers\mpio.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (disabled)
@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: system32\drivers\msahci.sys (system)
msdsm: \SystemRoot\system32\drivers\msdsm.sys (manual start)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)
msisadrv: system32\drivers\msisadrv.sys (system)
Microsoft iSCSI Initiator Service: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Antimalware Service: "c:\Program Files\Microsoft Security Client\MsMpEng.exe" (autostart)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (system)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft Input Configuration Driver: \SystemRoot\system32\drivers\MTConfig.sys (manual start)
@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)
Wireless PAN DHCP Server: "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)
NDIS Capture LightWeight Filter: system32\DRIVERS\ndiscap.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (disabled)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (disabled)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (manual start)
Netlogon: %SystemRoot%\system32\lsass.exe (disabled)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Net.Msmq Listener Adapter: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator (autostart)
Net.Pipe Listener Adapter: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (autostart)
@%SystemRoot%\system32\netprofm.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Net.Tcp Listener Adapter: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (autostart)
Net.Tcp Port Sharing Service: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
___ Intel® Wireless Adapter Driver for Windows 7 - 64 Bit: system32\DRIVERS\Netwsw02.sys (manual start)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (manual start)
Microsoft Network Inspection System: system32\DRIVERS\NisDrvWFP.sys (autostart)
@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243: "c:\Program Files\Microsoft Security Client\NisSrv.exe" (manual start)
Network Location Awareness: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (manual start)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (manual start)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
1394 OHCI Compliant Host Controller (Legacy): \SystemRoot\system32\drivers\ohci1394.sys (manual start)
Peer Networking Identity Manager: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Peer Networking Grouping: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (manual start)
@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: \SystemRoot\system32\drivers\pciide.sys (manual start)
pcmcia: \SystemRoot\system32\drivers\pcmcia.sys (manual start)
Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
Performance Counter DLL Host: %SystemRoot%\SysWow64\perfhost.exe (disabled)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Peer Name Resolution Protocol: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\umpo.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\rascfg.dll,-32006: system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (manual start)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
ql2300: \SystemRoot\system32\drivers\ql2300.sys (manual start)
ql40xx: \SystemRoot\system32\drivers\ql40xx.sys (manual start)
Quality Windows Audio Video Experience: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (disabled)
WAN Miniport (IKEv2): system32\DRIVERS\AgileVpn.sys (disabled)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%systemroot%\system32\rascfg.dll,-32005: system32\DRIVERS\rasl2tp.sys (disabled)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (disabled)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (disabled)
@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)
Remote Desktop Device Redirector Bus Driver: \SystemRoot\system32\drivers\rdpbus.sys (manual start)
@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100: System32\DRIVERS\RDPCDD.sys (system)
@%systemroot%\system32\drivers\RDPENCDD.sys,-101: system32\drivers\rdpencdd.sys (system)
@%systemroot%\system32\drivers\RdpRefMp.sys,-101: system32\drivers\rdprefmp.sys (system)
ReadyBoost: System32\drivers\rdyboost.sys (system)
Intel® PROSet/Wireless Registry Service: "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" (autostart)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k regsvc (disabled)
@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (autostart)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
Realtek 8167 NT Driver: system32\DRIVERS\Rt64win7.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
sbp2port: \SystemRoot\system32\drivers\sbp2port.sys (manual start)
Smart Card: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (disabled)
@%SystemRoot%\system32\schedsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Smart Card Removal Policy: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
Secondary Logon: %windir%\system32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Adaptive Brightness: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
Serenum Filter Driver: \SystemRoot\system32\drivers\serenum.sys (manual start)
Serial: \SystemRoot\system32\drivers\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (manual start)
Remote Desktop Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (manual start)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (manual start)
Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiSRaid2: \SystemRoot\system32\drivers\SiSRaid2.sys (manual start)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (manual start)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
Print Spooler: %SystemRoot%\System32\spoolsv.exe (disabled)
@%SystemRoot%\system32\sppsvc.exe,-101: %SystemRoot%\system32\sppsvc.exe (autostart)
@%SystemRoot%\system32\sppuinotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (manual start)
@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)
: System32\DRIVERS\srvnet.sys (manual start)
SSDP Discovery: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Secure Socket Tunneling Protocol Service: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
stexstor: \SystemRoot\system32\drivers\stexstor.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Superfetch: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Tablet PC Input Service: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (disabled)
Telephony: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (disabled)
Remote Desktop Services: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
@%SystemRoot%\System32\themeservice.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
TrueSight: \??\C:\Windows\System32\drivers\TrueSight.sys (manual start)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101: System32\DRIVERS\tssecsrv.sys (disabled)
: system32\drivers\tsusbflt.sys (disabled)
Remote Desktop Generic USB Device: \SystemRoot\system32\drivers\TsUsbGD.sys (disabled)
Microsoft Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver: system32\DRIVERS\TVALZ_O.SYS (system)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
Interactive Services Detection: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
Microsoft UMPass Driver: \SystemRoot\system32\drivers\umpass.sys (manual start)
UPnP Device Host: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbohci.sys (manual start)
Microsoft USB PRINTER Class: \SystemRoot\system32\drivers\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbuhci.sys (manual start)
USB Video Device (WDM): System32\Drivers\usbvideo.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vaultsvc.dll,-1003: %SystemRoot%\system32\lsass.exe (manual start)
Microsoft Virtual Drive Enumerator Driver: system32\drivers\vdrvroot.sys (system)
Virtual Disk: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
: \SystemRoot\System32\drivers\vga.sys (system)
vhdmp: \SystemRoot\system32\drivers\vhdmp.sys (manual start)
viaide: \SystemRoot\system32\drivers\viaide.sys (manual start)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
@%SystemRoot%\system32\drivers\volmgrx.sys,-100: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (manual start)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
Virtual WiFi Bus Driver: system32\DRIVERS\vwifibus.sys (manual start)
Virtual WiFi Filter Driver: system32\DRIVERS\vwififlt.sys (system)
Microsoft Virtual WiFi Miniport Service: system32\DRIVERS\vwifimp.sys (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32011: system32\DRIVERS\wanarp.sys (disabled)
@%systemroot%\system32\rascfg.dll,-32012: system32\DRIVERS\wanarp.sys (disabled)
@%SystemRoot%\system32\Wat\WatUX.exe,-601: %SystemRoot%\system32\Wat\WatAdminSvc.exe (manual start)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%systemroot%\system32\wbiosrvc.dll,-100: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup (manual start)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Wd: \SystemRoot\system32\drivers\wd.sys (manual start)
@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Windows Event Collector: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (manual start)
WFP Lightweight Filter: system32\DRIVERS\wfplwf.sys (system)
WIMMount: system32\drivers\wimmount.sys (manual start)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (manual start)
WinHTTP Web Proxy Auto-Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Remote Management (WS-Management): %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
WinUsb: \SystemRoot\system32\drivers\WinUsb.sys (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Microsoft Windows Management Interface for ACPI: \SystemRoot\system32\drivers\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
Windows Media Player Network Sharing Service: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" (disabled)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\System32\drivers\ws2ifsl.sys,-1000: \SystemRoot\system32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Windows Search: %systemroot%\system32\SearchIndexer.exe /Embedding (disabled)
Windows Update: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000: system32\drivers\WudfPf.sys (manual start)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
WWAN AutoConfig: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (disabled)
Intel® PROSet/Wireless Zero Configuration Service: "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" (autostart)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 47,842 bytes
Report generated in 0.063 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

========= End of CMD: =========

=========  type C:\ComboFix.txt =========

ComboFix 15-04-01.01 - YoMama 12/10/2015  21:49:08.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6060.3755 [GMT -8:00]
Running from: c:\users\YoMama\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-11-11 to 2015-12-11  )))))))))))))))))))))))))))))))
.
.
2015-12-11 05:51 . 2015-12-11 05:51 -------- d-----w- c:\users\Whosyodaddy\AppData\Local\temp
2015-12-11 05:51 . 2015-12-11 05:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-12-11 05:51 . 2015-12-11 05:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-11 05:22 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62FAA4AB-8463-459E-AE1A-3EFCC03C5B4E}\mpengine.dll
2015-12-11 04:47 . 2015-12-11 05:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-12-11 04:47 . 2015-12-11 04:47 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-11 04:46 . 2015-12-11 04:46 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-11 04:40 . 2015-11-05 23:00 143904 ----a-w- c:\windows\system32\drivers\KeyCrypt64.sys
2015-12-11 04:40 . 2015-12-11 04:40 -------- d-----w- c:\program files (x86)\Zemana AntiLogger Free
2015-12-11 04:40 . 2015-12-11 04:40 -------- d-----w- c:\program files (x86)\KeyCryptSDK
2015-12-11 04:39 . 2015-12-11 04:39 -------- d-----w- c:\users\YoMama\AppData\Local\Zemana
2015-12-11 04:39 . 2015-12-11 04:39 -------- d-----w- c:\users\YoMama\AppData\Local\AntiLogger Free
2015-12-11 03:33 . 2015-12-11 03:33 -------- d-----w- C:\AdwCleaner
2015-12-11 02:46 . 2015-07-03 22:49 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA8C07A1-B8DB-4C3D-A69C-BE1E26CA9C93}\gapaengine.dll
2015-12-10 01:20 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-11-29 00:22 . 2015-11-29 00:22 -------- d-----w- c:\users\YoMama\AppData\Local\CEF
2015-11-25 05:12 . 2015-11-25 05:12 -------- d-----w- c:\users\YoMama\AppData\Roaming\EPSON
2015-11-25 03:40 . 2009-10-16 08:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2015-11-25 03:40 . 2009-10-16 08:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2015-11-25 03:40 . 2009-03-13 08:00 65793 ----a-w- c:\windows\system32\esfw7c.bin
2015-11-25 03:40 . 2009-03-13 08:00 230912 ----a-w- c:\windows\system32\esxuin7c.dll
2015-11-25 03:40 . 2009-03-13 08:00 221184 ----a-w- c:\windows\SysWow64\esint7c.dll
2015-11-25 03:40 . 2007-11-29 08:00 84992 ----a-w- c:\windows\system32\esxwia7c.dll
2015-11-25 03:40 . 2006-03-10 08:00 4608 ----a-w- c:\windows\system32\esxwiaml.dll
2015-11-25 03:40 . 2015-11-25 03:40 -------- d-----w- c:\program files (x86)\epson
2015-11-25 01:49 . 2015-10-30 23:25 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-11-25 01:48 . 2015-10-20 01:09 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-11-25 01:45 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-25 01:43 . 2015-10-01 18:00 1372160 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-11-25 01:43 . 2015-10-01 18:00 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-11-25 01:43 . 2015-10-01 18:00 2103296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2015-11-25 01:43 . 2015-10-01 17:50 939520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-11-25 01:43 . 2015-10-01 17:50 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-11-25 01:43 . 2015-10-01 17:50 1415168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
2015-11-25 01:43 . 2015-10-01 18:00 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
2015-11-25 01:43 . 2015-10-01 18:00 353280 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
2015-11-25 01:43 . 2015-10-01 17:50 126464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
2015-11-25 01:43 . 2015-10-01 17:50 274944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
2015-11-25 01:32 . 2015-11-25 01:32 -------- d-----w- C:\$Windows.~BT
2015-11-25 01:30 . 2015-11-25 01:30 -------- d-----w- c:\windows\SysWow64\syncdb
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-11 05:10 . 2015-09-26 03:27 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-25 02:07 . 2015-04-12 07:32 145617392 ----a-w- c:\windows\system32\MRT.exe
2015-10-20 00:45 . 2015-11-25 01:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-13 09:29 . 2015-10-13 09:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 09:22 . 2015-10-13 09:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-01 18:06 . 2015-10-14 23:11 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-01 18:04 . 2015-10-14 23:11 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-01 18:00 . 2015-10-14 23:11 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 18:00 . 2015-10-14 23:11 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 18:00 . 2015-10-14 23:11 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 18:00 . 2015-10-14 23:11 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 18:00 . 2015-10-14 23:11 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 17:50 . 2015-10-14 23:11 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-01 17:00 . 2015-10-14 23:11 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-18 19:22 . 2015-10-14 23:11 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 19:19 . 2015-10-14 23:11 700416 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 19:19 . 2015-10-14 23:11 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 19:19 . 2015-10-14 23:11 503808 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 19:19 . 2015-10-14 23:11 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 19:19 . 2015-10-14 23:11 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 19:09 . 2015-10-14 23:11 1163776 ----a-w- c:\windows\system32\aeinv.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZALFree"="c:\program files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" [2015-11-05 8980016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R4 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
R4 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 43452883
*NewlyCreated* - KEYCRYPT
*Deregistered* - 43452883
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-26 19:45]
.
2015-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-26 19:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: google.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\YoMama\AppData\Roaming\Mozilla\Firefox\Profiles\5zusdo9v.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-12-10  21:52:29
ComboFix-quarantined-files.txt  2015-12-11 05:52
ComboFix2.txt  2015-12-11 05:22
ComboFix3.txt  2015-04-08 03:38
.
Pre-Run: 696,951,414,784 bytes free
Post-Run: 696,887,881,728 bytes free
.
- - End Of File - - C2D8F568A55005A6F086A7376FBDC452
A36C5E4F47E84449FF07ED3517B43A31

========= End of CMD: =========

=========  type C:\TDSSKiller.3.1.0.8_10.12.2015_19.45.49_log.txt =========

19:45:49.0992 0x0e50  TDSS rootkit removing tool 3.1.0.8 Dec  5 2015 01:19:03
19:45:58.0650 0x0e50  ============================================================
19:45:58.0650 0x0e50  Current date / time: 2015/12/10 19:45:58.0650
19:45:58.0650 0x0e50  SystemInfo:
19:45:58.0650 0x0e50 
19:45:58.0650 0x0e50  OS Version: 6.1.7601 ServicePack: 1.0
19:45:58.0650 0x0e50  Product type: Workstation
19:45:58.0650 0x0e50  ComputerName: YOMAMA-PC
19:45:58.0650 0x0e50  UserName: YoMama
19:45:58.0650 0x0e50  Windows directory: C:\Windows
19:45:58.0650 0x0e50  System windows directory: C:\Windows
19:45:58.0650 0x0e50  Running under WOW64
19:45:58.0650 0x0e50  Processor architecture: Intel x64
19:45:58.0650 0x0e50  Number of processors: 4
19:45:58.0650 0x0e50  Page size: 0x1000
19:45:58.0650 0x0e50  Boot type: Normal boot
19:45:58.0650 0x0e50  ============================================================
19:46:01.0334 0x0e50  KLMD registered as C:\Windows\system32\drivers\89537229.sys
19:46:02.0348 0x0e50  System UUID: {A703D73C-F65C-7237-71B8-A23E824F73E2}
19:46:03.0174 0x0e50  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:46:03.0939 0x0e50  ============================================================
19:46:03.0939 0x0e50  \Device\Harddisk0\DR0:
19:46:03.0970 0x0e50  MBR partitions:
19:46:03.0970 0x0e50  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:46:03.0970 0x0e50  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
19:46:03.0970 0x0e50  ============================================================
19:46:04.0032 0x0e50  C: <-> \Device\Harddisk0\DR0\Partition2
19:46:04.0032 0x0e50  ============================================================
19:46:04.0032 0x0e50  Initialize success
19:46:04.0032 0x0e50  ============================================================
19:46:28.0478 0x0e0c  ============================================================
19:46:28.0478 0x0e0c  Scan started
19:46:28.0478 0x0e0c  Mode: Manual; SigCheck; TDLFS;
19:46:28.0478 0x0e0c  ============================================================
19:46:28.0478 0x0e0c  KSN ping started
19:46:30.0974 0x0e0c  KSN ping finished: true
19:46:32.0612 0x0e0c  ================ Scan system memory ========================
19:46:32.0612 0x0e0c  System memory - ok
19:46:32.0612 0x0e0c  ================ Scan services =============================
19:46:32.0752 0x0e0c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:46:32.0830 0x0e0c  1394ohci - ok
19:46:32.0861 0x0e0c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:46:32.0877 0x0e0c  ACPI - ok
19:46:32.0892 0x0e0c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:46:32.0970 0x0e0c  AcpiPmi - ok
19:46:33.0111 0x0e0c  [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:46:33.0126 0x0e0c  AdobeARMservice - ok
19:46:33.0189 0x0e0c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:46:33.0204 0x0e0c  adp94xx - ok
19:46:33.0236 0x0e0c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:46:33.0251 0x0e0c  adpahci - ok
19:46:33.0298 0x0e0c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:46:33.0298 0x0e0c  adpu320 - ok
19:46:33.0329 0x0e0c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:46:33.0392 0x0e0c  AeLookupSvc - ok
19:46:33.0423 0x0e0c  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
19:46:33.0516 0x0e0c  AFD - ok
19:46:33.0548 0x0e0c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:46:33.0563 0x0e0c  agp440 - ok
19:46:33.0594 0x0e0c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:46:33.0641 0x0e0c  ALG - ok
19:46:33.0672 0x0e0c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:46:33.0688 0x0e0c  aliide - ok
19:46:33.0704 0x0e0c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:46:33.0719 0x0e0c  amdide - ok
19:46:33.0766 0x0e0c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:46:33.0797 0x0e0c  AmdK8 - ok
19:46:33.0813 0x0e0c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:46:33.0828 0x0e0c  AmdPPM - ok
19:46:33.0860 0x0e0c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:46:33.0875 0x0e0c  amdsata - ok
19:46:33.0891 0x0e0c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:46:33.0906 0x0e0c  amdsbs - ok
19:46:33.0922 0x0e0c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:46:33.0922 0x0e0c  amdxata - ok
19:46:33.0969 0x0e0c  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\Windows\system32\drivers\appid.sys
19:46:34.0000 0x0e0c  AppID - ok
19:46:34.0031 0x0e0c  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:46:34.0062 0x0e0c  AppIDSvc - ok
19:46:34.0125 0x0e0c  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
19:46:34.0172 0x0e0c  Appinfo - ok
19:46:34.0218 0x0e0c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
19:46:34.0218 0x0e0c  arc - ok
19:46:34.0250 0x0e0c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:46:34.0265 0x0e0c  arcsas - ok
19:46:34.0359 0x0e0c  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:46:34.0374 0x0e0c  aspnet_state - ok
19:46:34.0406 0x0e0c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:46:34.0530 0x0e0c  AsyncMac - ok
19:46:34.0562 0x0e0c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:46:34.0577 0x0e0c  atapi - ok
19:46:34.0640 0x0e0c  [ E857EEE6B92AAA473EBB3465ADD8F7E7, 1C7E4737E649A025B3C4974A4F7D1353EAB85561FC8ED54E5C22A777E1A189B3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:46:34.0733 0x0e0c  athr - ok
19:46:34.0796 0x0e0c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:46:34.0874 0x0e0c  AudioEndpointBuilder - ok
19:46:34.0905 0x0e0c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:46:34.0936 0x0e0c  AudioSrv - ok
19:46:34.0983 0x0e0c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:46:35.0061 0x0e0c  AxInstSV - ok
19:46:35.0108 0x0e0c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:46:35.0170 0x0e0c  b06bdrv - ok
19:46:35.0201 0x0e0c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:46:35.0232 0x0e0c  b57nd60a - ok
19:46:35.0279 0x0e0c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:46:35.0326 0x0e0c  BDESVC - ok
19:46:35.0357 0x0e0c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:46:35.0404 0x0e0c  Beep - ok
19:46:35.0466 0x0e0c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:46:35.0544 0x0e0c  BFE - ok
19:46:35.0591 0x0e0c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
19:46:35.0685 0x0e0c  BITS - ok
19:46:35.0716 0x0e0c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:46:35.0732 0x0e0c  blbdrive - ok
19:46:35.0763 0x0e0c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:46:35.0841 0x0e0c  bowser - ok
19:46:35.0856 0x0e0c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:46:35.0872 0x0e0c  BrFiltLo - ok
19:46:35.0888 0x0e0c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:46:35.0903 0x0e0c  BrFiltUp - ok
19:46:35.0934 0x0e0c  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:46:35.0981 0x0e0c  BridgeMP - ok
19:46:36.0044 0x0e0c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:46:36.0106 0x0e0c  Browser - ok
19:46:36.0122 0x0e0c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:46:36.0200 0x0e0c  Brserid - ok
19:46:36.0231 0x0e0c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:46:36.0262 0x0e0c  BrSerWdm - ok
19:46:36.0278 0x0e0c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:46:36.0309 0x0e0c  BrUsbMdm - ok
19:46:36.0340 0x0e0c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:46:36.0356 0x0e0c  BrUsbSer - ok
19:46:36.0371 0x0e0c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:46:36.0387 0x0e0c  BTHMODEM - ok
19:46:36.0402 0x0e0c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:46:36.0465 0x0e0c  bthserv - ok
19:46:36.0512 0x0e0c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:46:36.0543 0x0e0c  cdfs - ok
19:46:36.0636 0x0e0c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:46:36.0668 0x0e0c  cdrom - ok
19:46:36.0714 0x0e0c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:46:36.0777 0x0e0c  CertPropSvc - ok
19:46:36.0792 0x0e0c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:46:36.0824 0x0e0c  circlass - ok
19:46:36.0870 0x0e0c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
19:46:36.0886 0x0e0c  CLFS - ok
19:46:36.0948 0x0e0c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:36.0948 0x0e0c  clr_optimization_v2.0.50727_32 - ok
19:46:36.0980 0x0e0c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:46:36.0995 0x0e0c  clr_optimization_v2.0.50727_64 - ok
19:46:37.0058 0x0e0c  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:46:37.0073 0x0e0c  clr_optimization_v4.0.30319_32 - ok
19:46:37.0089 0x0e0c  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:46:37.0104 0x0e0c  clr_optimization_v4.0.30319_64 - ok
19:46:37.0136 0x0e0c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:46:37.0151 0x0e0c  CmBatt - ok
19:46:37.0182 0x0e0c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:46:37.0198 0x0e0c  cmdide - ok
19:46:37.0245 0x0e0c  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:46:37.0260 0x0e0c  CNG - ok
19:46:37.0307 0x0e0c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:46:37.0307 0x0e0c  Compbatt - ok
19:46:37.0338 0x0e0c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:46:37.0370 0x0e0c  CompositeBus - ok
19:46:37.0401 0x0e0c  COMSysApp - ok
19:46:37.0494 0x0e0c  [ 66492FB9826C29CCD0E491AF1FDB5FDB, 34BD6D3156D9773686B86EEF6EF5BE0270A0508D26E3A55B3F2B0805B3C44E5D ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:46:37.0510 0x0e0c  cphs - ok
19:46:37.0526 0x0e0c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:46:37.0541 0x0e0c  crcdisk - ok
19:46:37.0604 0x0e0c  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:46:37.0635 0x0e0c  CryptSvc - ok
19:46:37.0666 0x0e0c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:46:37.0728 0x0e0c  DcomLaunch - ok
19:46:37.0775 0x0e0c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:46:37.0838 0x0e0c  defragsvc - ok
19:46:37.0884 0x0e0c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:46:37.0931 0x0e0c  DfsC - ok
19:46:37.0994 0x0e0c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:46:38.0072 0x0e0c  Dhcp - ok
19:46:38.0228 0x0e0c  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
19:46:38.0337 0x0e0c  DiagTrack - ok
19:46:38.0352 0x0e0c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:46:38.0399 0x0e0c  discache - ok
19:46:38.0462 0x0e0c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
19:46:38.0477 0x0e0c  Disk - ok
19:46:38.0493 0x0e0c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:46:38.0555 0x0e0c  Dnscache - ok
19:46:38.0571 0x0e0c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:46:38.0618 0x0e0c  dot3svc - ok
19:46:38.0633 0x0e0c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:46:38.0696 0x0e0c  DPS - ok
19:46:38.0742 0x0e0c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:46:38.0789 0x0e0c  drmkaud - ok
19:46:38.0852 0x0e0c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:46:38.0883 0x0e0c  DXGKrnl - ok
19:46:38.0945 0x0e0c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:46:38.0992 0x0e0c  EapHost - ok
19:46:39.0101 0x0e0c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:46:39.0195 0x0e0c  ebdrv - ok
19:46:39.0257 0x0e0c  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS             C:\Windows\System32\lsass.exe
19:46:39.0288 0x0e0c  EFS - ok
19:46:39.0382 0x0e0c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:46:39.0460 0x0e0c  ehRecvr - ok
19:46:39.0460 0x0e0c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:46:39.0507 0x0e0c  ehSched - ok
19:46:39.0569 0x0e0c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:46:39.0600 0x0e0c  elxstor - ok
19:46:39.0600 0x0e0c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:46:39.0632 0x0e0c  ErrDev - ok
19:46:39.0694 0x0e0c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:46:39.0725 0x0e0c  EventSystem - ok
19:46:39.0866 0x0e0c  [ 9D78D6D795393291029A587D25F65949, 76570673AA788A8F725EDA2A7B991F8E12D66ADE5F12E38D87E85C5E6CCD140E ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:46:39.0881 0x0e0c  EvtEng - ok
19:46:39.0912 0x0e0c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:46:39.0944 0x0e0c  exfat - ok
19:46:39.0975 0x0e0c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:46:40.0022 0x0e0c  fastfat - ok
19:46:40.0053 0x0e0c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
19:46:40.0084 0x0e0c  fdc - ok
19:46:40.0115 0x0e0c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:46:40.0178 0x0e0c  fdPHost - ok
19:46:40.0193 0x0e0c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:46:40.0256 0x0e0c  FDResPub - ok
19:46:40.0302 0x0e0c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:46:40.0318 0x0e0c  FileInfo - ok
19:46:40.0318 0x0e0c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:46:40.0380 0x0e0c  Filetrace - ok
19:46:40.0427 0x0e0c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:46:40.0458 0x0e0c  flpydisk - ok
19:46:40.0490 0x0e0c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:46:40.0521 0x0e0c  FltMgr - ok
19:46:40.0583 0x0e0c  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
19:46:40.0692 0x0e0c  FontCache - ok
19:46:40.0708 0x0e0c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:46:40.0724 0x0e0c  FsDepends - ok
19:46:40.0755 0x0e0c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:46:40.0755 0x0e0c  Fs_Rec - ok
19:46:40.0802 0x0e0c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:46:40.0817 0x0e0c  fvevol - ok
19:46:40.0848 0x0e0c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:46:40.0864 0x0e0c  gagp30kx - ok
19:46:40.0989 0x0e0c  [ F51B9E62A3B99AB8487499D2783D5A9F, 834C06B84141907F4620D631D87F7F688226C9C7B6189D1CE900055B6775B760 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
19:46:41.0004 0x0e0c  Garmin Device Interaction Service - ok
19:46:41.0067 0x0e0c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:46:41.0145 0x0e0c  gpsvc - ok
19:46:41.0223 0x0e0c  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:46:41.0223 0x0e0c  gupdate - ok
19:46:41.0254 0x0e0c  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:46:41.0254 0x0e0c  gupdatem - ok
19:46:41.0270 0x0e0c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:46:41.0301 0x0e0c  hcw85cir - ok
19:46:41.0348 0x0e0c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:46:41.0363 0x0e0c  HdAudAddService - ok
19:46:41.0394 0x0e0c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:46:41.0426 0x0e0c  HDAudBus - ok
19:46:41.0441 0x0e0c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:46:41.0472 0x0e0c  HidBatt - ok
19:46:41.0504 0x0e0c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:46:41.0519 0x0e0c  HidBth - ok
19:46:41.0535 0x0e0c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:46:41.0566 0x0e0c  HidIr - ok
19:46:41.0613 0x0e0c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
19:46:41.0660 0x0e0c  hidserv - ok
19:46:41.0722 0x0e0c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:46:41.0753 0x0e0c  HidUsb - ok
19:46:41.0784 0x0e0c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:46:41.0816 0x0e0c  hkmsvc - ok
19:46:41.0831 0x0e0c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:46:41.0862 0x0e0c  HomeGroupListener - ok
19:46:41.0894 0x0e0c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:46:41.0909 0x0e0c  HomeGroupProvider - ok
19:46:41.0940 0x0e0c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:46:41.0956 0x0e0c  HpSAMD - ok
19:46:42.0003 0x0e0c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:46:42.0065 0x0e0c  HTTP - ok
19:46:42.0065 0x0e0c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:46:42.0081 0x0e0c  hwpolicy - ok
19:46:42.0096 0x0e0c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:46:42.0112 0x0e0c  i8042prt - ok
19:46:42.0174 0x0e0c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:46:42.0190 0x0e0c  iaStorV - ok
19:46:42.0190 0x0e0c  IEEtwCollectorService - ok
19:46:42.0346 0x0e0c  [ 3203DD8BBB0E8E26550C4D7B58617F3C, 5A4BABE3EEFD06F05538407E31873536EA47C4FD66C960611A73AC395DFB292A ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:46:42.0471 0x0e0c  igfx - ok
19:46:42.0549 0x0e0c  [ 361529DF1EBD05E0B15E1026DCCC1885, 8D3182D3861F4854E6C169701BE74015EF941004A538B1971C8FE853CE84AC20 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
19:46:42.0564 0x0e0c  igfxCUIService1.0.0.0 - ok
19:46:42.0596 0x0e0c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:46:42.0611 0x0e0c  iirsp - ok
19:46:42.0674 0x0e0c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:46:42.0720 0x0e0c  IKEEXT - ok
19:46:42.0752 0x0e0c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:46:42.0752 0x0e0c  intelide - ok
19:46:42.0783 0x0e0c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:46:42.0830 0x0e0c  intelppm - ok
19:46:42.0876 0x0e0c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:46:42.0923 0x0e0c  IPBusEnum - ok
19:46:42.0954 0x0e0c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:46:42.0986 0x0e0c  IpFilterDriver - ok
19:46:43.0032 0x0e0c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:46:43.0110 0x0e0c  iphlpsvc - ok
19:46:43.0126 0x0e0c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:46:43.0142 0x0e0c  IPMIDRV - ok
19:46:43.0157 0x0e0c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:46:43.0188 0x0e0c  IPNAT - ok
19:46:43.0204 0x0e0c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:46:43.0251 0x0e0c  IRENUM - ok
19:46:43.0282 0x0e0c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:46:43.0298 0x0e0c  isapnp - ok
19:46:43.0329 0x0e0c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:46:43.0329 0x0e0c  iScsiPrt - ok
19:46:43.0376 0x0e0c  [ 4EE2423C38F43D37F8497A672FD10BDC, 031C5272DD28809255CF4FA8E6DE45DBFBD9A363BBD5156D0AEE0787C4297980 ] ISCT            C:\Windows\system32\DRIVERS\ISCTD64.sys
19:46:43.0391 0x0e0c  ISCT - ok
19:46:43.0407 0x0e0c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:46:43.0407 0x0e0c  kbdclass - ok
19:46:43.0438 0x0e0c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:46:43.0469 0x0e0c  kbdhid - ok
19:46:43.0500 0x0e0c  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso          C:\Windows\system32\lsass.exe
19:46:43.0516 0x0e0c  KeyIso - ok
19:46:43.0547 0x0e0c  [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:46:43.0547 0x0e0c  KSecDD - ok
19:46:43.0563 0x0e0c  [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:46:43.0578 0x0e0c  KSecPkg - ok
19:46:43.0610 0x0e0c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:46:43.0641 0x0e0c  ksthunk - ok
19:46:43.0672 0x0e0c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:46:43.0719 0x0e0c  KtmRm - ok
19:46:43.0766 0x0e0c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:46:43.0812 0x0e0c  LanmanServer - ok
19:46:43.0828 0x0e0c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:46:43.0875 0x0e0c  LanmanWorkstation - ok
19:46:43.0937 0x0e0c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:46:43.0968 0x0e0c  lltdio - ok
19:46:43.0984 0x0e0c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:46:44.0046 0x0e0c  lltdsvc - ok
19:46:44.0093 0x0e0c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:46:44.0124 0x0e0c  lmhosts - ok
19:46:44.0156 0x0e0c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:46:44.0156 0x0e0c  LSI_FC - ok
19:46:44.0187 0x0e0c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:46:44.0187 0x0e0c  LSI_SAS - ok
19:46:44.0202 0x0e0c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:46:44.0218 0x0e0c  LSI_SAS2 - ok
19:46:44.0234 0x0e0c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:46:44.0249 0x0e0c  LSI_SCSI - ok
19:46:44.0265 0x0e0c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:46:44.0343 0x0e0c  luafv - ok
19:46:44.0390 0x0e0c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:46:44.0390 0x0e0c  Mcx2Svc - ok
19:46:44.0421 0x0e0c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:46:44.0436 0x0e0c  megasas - ok
19:46:44.0468 0x0e0c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:46:44.0483 0x0e0c  MegaSR - ok
19:46:44.0514 0x0e0c  [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
19:46:44.0514 0x0e0c  MEIx64 - ok
19:46:44.0546 0x0e0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:46:44.0592 0x0e0c  MMCSS - ok
19:46:44.0639 0x0e0c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:46:44.0702 0x0e0c  Modem - ok
19:46:44.0733 0x0e0c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:46:44.0748 0x0e0c  monitor - ok
19:46:44.0780 0x0e0c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:46:44.0795 0x0e0c  mouclass - ok
19:46:44.0811 0x0e0c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:46:44.0811 0x0e0c  mouhid - ok
19:46:44.0858 0x0e0c  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:46:44.0858 0x0e0c  mountmgr - ok
19:46:44.0904 0x0e0c  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
19:46:44.0920 0x0e0c  MpFilter - ok
19:46:44.0951 0x0e0c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:46:44.0967 0x0e0c  mpio - ok
19:46:44.0982 0x0e0c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:46:45.0045 0x0e0c  mpsdrv - ok
19:46:45.0092 0x0e0c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:46:45.0170 0x0e0c  MpsSvc - ok
19:46:45.0201 0x0e0c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:46:45.0263 0x0e0c  MRxDAV - ok
19:46:45.0294 0x0e0c  [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:46:45.0310 0x0e0c  mrxsmb - ok
19:46:45.0326 0x0e0c  [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:46:45.0357 0x0e0c  mrxsmb10 - ok
19:46:45.0388 0x0e0c  [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:46:45.0419 0x0e0c  mrxsmb20 - ok
19:46:45.0450 0x0e0c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:46:45.0466 0x0e0c  msahci - ok
19:46:45.0497 0x0e0c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:46:45.0513 0x0e0c  msdsm - ok
19:46:45.0528 0x0e0c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
19:46:45.0575 0x0e0c  MSDTC - ok
19:46:45.0606 0x0e0c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:46:45.0669 0x0e0c  Msfs - ok
19:46:45.0684 0x0e0c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:46:45.0747 0x0e0c  mshidkmdf - ok
19:46:45.0778 0x0e0c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:46:45.0794 0x0e0c  msisadrv - ok
19:46:45.0825 0x0e0c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:46:45.0872 0x0e0c  MSiSCSI - ok
19:46:45.0887 0x0e0c  msiserver - ok
19:46:45.0918 0x0e0c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:46:45.0965 0x0e0c  MSKSSRV - ok
19:46:46.0043 0x0e0c  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:46:46.0059 0x0e0c  MsMpSvc - ok
19:46:46.0106 0x0e0c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:46:46.0168 0x0e0c  MSPCLOCK - ok
19:46:46.0168 0x0e0c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:46:46.0230 0x0e0c  MSPQM - ok
19:46:46.0262 0x0e0c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:46:46.0293 0x0e0c  MsRPC - ok
19:46:46.0308 0x0e0c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:46:46.0324 0x0e0c  mssmbios - ok
19:46:46.0340 0x0e0c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:46:46.0371 0x0e0c  MSTEE - ok
19:46:46.0386 0x0e0c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:46:46.0418 0x0e0c  MTConfig - ok
19:46:46.0449 0x0e0c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
19:46:46.0449 0x0e0c  Mup - ok
19:46:46.0511 0x0e0c  [ D7817027F42377B94F53A8F9CDF6A3D3, F7A707E383732A1F6283F0C79591C7D4CC32EAA58F071E7E930E57AC820F55D5 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:46:46.0511 0x0e0c  MyWiFiDHCPDNS - ok
19:46:46.0558 0x0e0c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
19:46:46.0620 0x0e0c  napagent - ok
19:46:46.0714 0x0e0c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:46:46.0730 0x0e0c  NativeWifiP - ok
19:46:46.0792 0x0e0c  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:46:46.0823 0x0e0c  NDIS - ok
19:46:46.0839 0x0e0c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:46:46.0886 0x0e0c  NdisCap - ok
19:46:46.0917 0x0e0c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:46:46.0948 0x0e0c  NdisTapi - ok
19:46:46.0964 0x0e0c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:46:46.0995 0x0e0c  Ndisuio - ok
19:46:47.0010 0x0e0c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:46:47.0073 0x0e0c  NdisWan - ok
19:46:47.0104 0x0e0c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:46:47.0151 0x0e0c  NDProxy - ok
19:46:47.0182 0x0e0c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:46:47.0229 0x0e0c  NetBIOS - ok
19:46:47.0244 0x0e0c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:46:47.0276 0x0e0c  NetBT - ok
19:46:47.0307 0x0e0c  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon        C:\Windows\system32\lsass.exe
19:46:47.0322 0x0e0c  Netlogon - ok
19:46:47.0338 0x0e0c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
19:46:47.0385 0x0e0c  Netman - ok
19:46:47.0416 0x0e0c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:47.0432 0x0e0c  NetMsmqActivator - ok
19:46:47.0432 0x0e0c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:47.0447 0x0e0c  NetPipeActivator - ok
19:46:47.0463 0x0e0c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
19:46:47.0510 0x0e0c  netprofm - ok
19:46:47.0525 0x0e0c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:47.0525 0x0e0c  NetTcpActivator - ok
19:46:47.0556 0x0e0c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:46:47.0572 0x0e0c  NetTcpPortSharing - ok
19:46:47.0697 0x0e0c  [ 773D7C904DFF2167FC3B1995728E5A5C, A5F0274861A376BBDC1F5312EA7FD7CEF6911EA2CB9E82317A54662D6437FCFD ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw02.sys
19:46:47.0790 0x0e0c  NETwNs64 - ok
19:46:47.0837 0x0e0c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:46:47.0853 0x0e0c  nfrd960 - ok
19:46:47.0884 0x0e0c  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:46:47.0900 0x0e0c  NisDrv - ok
19:46:47.0931 0x0e0c  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
19:46:47.0962 0x0e0c  NisSrv - ok
19:46:48.0009 0x0e0c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:46:48.0040 0x0e0c  NlaSvc - ok
19:46:48.0056 0x0e0c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:46:48.0087 0x0e0c  Npfs - ok
19:46:48.0118 0x0e0c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:46:48.0180 0x0e0c  nsi - ok
19:46:48.0212 0x0e0c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:46:48.0274 0x0e0c  nsiproxy - ok
19:46:48.0352 0x0e0c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:46:48.0399 0x0e0c  Ntfs - ok
19:46:48.0414 0x0e0c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:46:48.0446 0x0e0c  Null - ok
19:46:48.0477 0x0e0c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:46:48.0477 0x0e0c  nvraid - ok
19:46:48.0508 0x0e0c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:46:48.0508 0x0e0c  nvstor - ok
19:46:48.0539 0x0e0c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:46:48.0539 0x0e0c  nv_agp - ok
19:46:48.0570 0x0e0c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:46:48.0602 0x0e0c  ohci1394 - ok
19:46:48.0633 0x0e0c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:46:48.0726 0x0e0c  p2pimsvc - ok
19:46:48.0742 0x0e0c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:46:48.0758 0x0e0c  p2psvc - ok
19:46:48.0789 0x0e0c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
19:46:48.0820 0x0e0c  Parport - ok
19:46:48.0851 0x0e0c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:46:48.0867 0x0e0c  partmgr - ok
19:46:48.0898 0x0e0c  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:46:48.0960 0x0e0c  PcaSvc - ok
19:46:49.0007 0x0e0c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:46:49.0023 0x0e0c  pci - ok
19:46:49.0038 0x0e0c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:46:49.0054 0x0e0c  pciide - ok
19:46:49.0070 0x0e0c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:46:49.0070 0x0e0c  pcmcia - ok
19:46:49.0101 0x0e0c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:46:49.0101 0x0e0c  pcw - ok
19:46:49.0148 0x0e0c  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:46:49.0194 0x0e0c  PEAUTH - ok
19:46:49.0272 0x0e0c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:46:49.0288 0x0e0c  PerfHost - ok
19:46:49.0382 0x0e0c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
19:46:49.0475 0x0e0c  pla - ok
19:46:49.0522 0x0e0c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:46:49.0569 0x0e0c  PlugPlay - ok
19:46:49.0584 0x0e0c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:46:49.0631 0x0e0c  PNRPAutoReg - ok
19:46:49.0662 0x0e0c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:46:49.0678 0x0e0c  PNRPsvc - ok
19:46:49.0725 0x0e0c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:46:49.0772 0x0e0c  PolicyAgent - ok
19:46:49.0803 0x0e0c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
19:46:49.0865 0x0e0c  Power - ok
19:46:49.0912 0x0e0c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:46:49.0974 0x0e0c  PptpMiniport - ok
19:46:50.0006 0x0e0c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
19:46:50.0037 0x0e0c  Processor - ok
19:46:50.0068 0x0e0c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:46:50.0115 0x0e0c  ProfSvc - ok
19:46:50.0115 0x0e0c  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:46:50.0130 0x0e0c  ProtectedStorage - ok
19:46:50.0162 0x0e0c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:46:50.0208 0x0e0c  Psched - ok
19:46:50.0271 0x0e0c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:46:50.0318 0x0e0c  ql2300 - ok
19:46:50.0364 0x0e0c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:46:50.0364 0x0e0c  ql40xx - ok
19:46:50.0411 0x0e0c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:46:50.0427 0x0e0c  QWAVE - ok
19:46:50.0442 0x0e0c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:46:50.0474 0x0e0c  QWAVEdrv - ok
19:46:50.0505 0x0e0c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:46:50.0552 0x0e0c  RasAcd - ok
19:46:50.0598 0x0e0c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:46:50.0676 0x0e0c  RasAgileVpn - ok
19:46:50.0708 0x0e0c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:46:50.0739 0x0e0c  RasAuto - ok
19:46:50.0770 0x0e0c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:46:50.0817 0x0e0c  Rasl2tp - ok
19:46:50.0848 0x0e0c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:46:50.0910 0x0e0c  RasMan - ok
19:46:50.0942 0x0e0c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:46:51.0004 0x0e0c  RasPppoe - ok
19:46:51.0020 0x0e0c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:46:51.0066 0x0e0c  RasSstp - ok
19:46:51.0098 0x0e0c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:46:51.0144 0x0e0c  rdbss - ok
19:46:51.0176 0x0e0c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:46:51.0207 0x0e0c  rdpbus - ok
19:46:51.0238 0x0e0c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:46:51.0300 0x0e0c  RDPCDD - ok
19:46:51.0316 0x0e0c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:46:51.0378 0x0e0c  RDPENCDD - ok
19:46:51.0410 0x0e0c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:46:51.0456 0x0e0c  RDPREFMP - ok
19:46:51.0488 0x0e0c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:46:51.0550 0x0e0c  RDPWD - ok
19:46:51.0566 0x0e0c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:46:51.0581 0x0e0c  rdyboost - ok
19:46:51.0628 0x0e0c  [ A2F664C5556A37F60D9DE89A0AE3510C, 630AB93C1BC8EBF1EA9CAFF644EE09E41AD45695AA9AC09DDA67B4ADB23CC5BC ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:46:51.0644 0x0e0c  RegSrvc - ok
19:46:51.0675 0x0e0c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:46:51.0722 0x0e0c  RemoteAccess - ok
19:46:51.0768 0x0e0c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:46:51.0800 0x0e0c  RemoteRegistry - ok
19:46:51.0815 0x0e0c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:46:51.0846 0x0e0c  RpcEptMapper - ok
19:46:51.0862 0x0e0c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:46:51.0878 0x0e0c  RpcLocator - ok
19:46:51.0909 0x0e0c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\System32\rpcss.dll
19:46:51.0956 0x0e0c  RpcSs - ok
19:46:51.0987 0x0e0c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:46:52.0034 0x0e0c  rspndr - ok
19:46:52.0112 0x0e0c  [ DCF7221D6588EDA8CD77CB27AE9B1844, 7741A4F513952CC3C4D5056958D0D50F8F2A9D3142C7478707F73A83D3CDE01C ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:46:52.0143 0x0e0c  RTL8167 - ok
19:46:52.0158 0x0e0c  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs           C:\Windows\system32\lsass.exe
19:46:52.0158 0x0e0c  SamSs - ok
19:46:52.0174 0x0e0c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:46:52.0190 0x0e0c  sbp2port - ok
19:46:52.0236 0x0e0c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:46:52.0299 0x0e0c  SCardSvr - ok
19:46:52.0346 0x0e0c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:46:52.0377 0x0e0c  scfilter - ok
19:46:52.0439 0x0e0c  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
19:46:52.0517 0x0e0c  Schedule - ok
19:46:52.0548 0x0e0c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:46:52.0580 0x0e0c  SCPolicySvc - ok
19:46:52.0595 0x0e0c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:46:52.0658 0x0e0c  SDRSVC - ok
19:46:52.0689 0x0e0c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:46:52.0704 0x0e0c  secdrv - ok
19:46:52.0736 0x0e0c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
19:46:52.0767 0x0e0c  seclogon - ok
19:46:52.0782 0x0e0c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
19:46:52.0814 0x0e0c  SENS - ok
19:46:52.0845 0x0e0c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:46:52.0907 0x0e0c  SensrSvc - ok
19:46:52.0923 0x0e0c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:46:52.0938 0x0e0c  Serenum - ok
19:46:52.0970 0x0e0c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
19:46:53.0001 0x0e0c  Serial - ok
19:46:53.0048 0x0e0c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:46:53.0079 0x0e0c  sermouse - ok
19:46:53.0110 0x0e0c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:46:53.0172 0x0e0c  SessionEnv - ok
19:46:53.0188 0x0e0c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:46:53.0219 0x0e0c  sffdisk - ok
19:46:53.0219 0x0e0c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:46:53.0235 0x0e0c  sffp_mmc - ok
19:46:53.0250 0x0e0c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:46:53.0266 0x0e0c  sffp_sd - ok
19:46:53.0282 0x0e0c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:46:53.0313 0x0e0c  sfloppy - ok
19:46:53.0360 0x0e0c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:46:53.0422 0x0e0c  SharedAccess - ok
19:46:53.0453 0x0e0c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:46:53.0500 0x0e0c  ShellHWDetection - ok
19:46:53.0547 0x0e0c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:46:53.0578 0x0e0c  SiSRaid2 - ok
19:46:53.0594 0x0e0c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:46:53.0609 0x0e0c  SiSRaid4 - ok
19:46:53.0625 0x0e0c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:46:53.0656 0x0e0c  Smb - ok
19:46:53.0703 0x0e0c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:46:53.0734 0x0e0c  SNMPTRAP - ok
19:46:53.0765 0x0e0c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:46:53.0781 0x0e0c  spldr - ok
19:46:53.0812 0x0e0c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
19:46:53.0859 0x0e0c  Spooler - ok
19:46:53.0984 0x0e0c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:46:54.0108 0x0e0c  sppsvc - ok
19:46:54.0140 0x0e0c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:46:54.0186 0x0e0c  sppuinotify - ok
19:46:54.0233 0x0e0c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:46:54.0280 0x0e0c  srv - ok
19:46:54.0311 0x0e0c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:46:54.0342 0x0e0c  srv2 - ok
19:46:54.0358 0x0e0c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:46:54.0389 0x0e0c  srvnet - ok
19:46:54.0420 0x0e0c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:46:54.0483 0x0e0c  SSDPSRV - ok
19:46:54.0498 0x0e0c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:46:54.0530 0x0e0c  SstpSvc - ok
19:46:54.0561 0x0e0c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:46:54.0561 0x0e0c  stexstor - ok
19:46:54.0608 0x0e0c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:46:54.0639 0x0e0c  stisvc - ok
19:46:54.0654 0x0e0c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:46:54.0654 0x0e0c  swenum - ok
19:46:54.0701 0x0e0c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:46:54.0764 0x0e0c  swprv - ok
19:46:54.0842 0x0e0c  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
19:46:54.0951 0x0e0c  SysMain - ok
19:46:54.0982 0x0e0c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:46:55.0013 0x0e0c  TabletInputService - ok
19:46:55.0044 0x0e0c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:46:55.0091 0x0e0c  TapiSrv - ok
19:46:55.0122 0x0e0c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:46:55.0169 0x0e0c  TBS - ok
19:46:55.0278 0x0e0c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:46:55.0325 0x0e0c  Tcpip - ok
19:46:55.0388 0x0e0c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:46:55.0450 0x0e0c  TCPIP6 - ok
19:46:55.0466 0x0e0c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:46:55.0481 0x0e0c  tcpipreg - ok
19:46:55.0497 0x0e0c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:46:55.0512 0x0e0c  TDPIPE - ok
19:46:55.0544 0x0e0c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:46:55.0559 0x0e0c  TDTCP - ok
19:46:55.0590 0x0e0c  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:46:55.0622 0x0e0c  tdx - ok
19:46:55.0668 0x0e0c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:46:55.0668 0x0e0c  TermDD - ok
19:46:55.0715 0x0e0c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
19:46:55.0793 0x0e0c  TermService - ok
19:46:55.0840 0x0e0c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
19:46:55.0871 0x0e0c  Themes - ok
19:46:55.0902 0x0e0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:46:55.0934 0x0e0c  THREADORDER - ok
19:46:55.0965 0x0e0c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:46:56.0043 0x0e0c  TrkWks - ok
19:46:56.0121 0x0e0c  [ 5BD389925662396A52AEB64901D3C952, 8B6C99ADA6B39E16D055F18DB220C90AEE67E36B08AE5E117103D86C9A138834 ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
19:46:56.0136 0x0e0c  TrueSight - ok
19:46:56.0199 0x0e0c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:46:56.0230 0x0e0c  TrustedInstaller - ok
19:46:56.0261 0x0e0c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:46:56.0277 0x0e0c  tssecsrv - ok
19:46:56.0308 0x0e0c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:46:56.0355 0x0e0c  TsUsbFlt - ok
19:46:56.0386 0x0e0c  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:46:56.0417 0x0e0c  TsUsbGD - ok
19:46:56.0464 0x0e0c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:46:56.0495 0x0e0c  tunnel - ok
19:46:56.0526 0x0e0c  [ 9A744CC3D804EC38A6C2C65BC3C6FCD8, 28CDF1A8614444F4A7249FB7189B423579CA91D1373138CD3E6C048CE6D2799F ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:46:56.0542 0x0e0c  TVALZ - ok
19:46:56.0573 0x0e0c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:46:56.0589 0x0e0c  uagp35 - ok
19:46:56.0604 0x0e0c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:46:56.0651 0x0e0c  udfs - ok
19:46:56.0698 0x0e0c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:46:56.0729 0x0e0c  UI0Detect - ok
19:46:56.0760 0x0e0c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:46:56.0776 0x0e0c  uliagpkx - ok
19:46:56.0792 0x0e0c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:46:56.0823 0x0e0c  umbus - ok
19:46:56.0838 0x0e0c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:46:56.0885 0x0e0c  UmPass - ok
19:46:56.0932 0x0e0c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:46:56.0963 0x0e0c  upnphost - ok
19:46:56.0994 0x0e0c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:46:57.0057 0x0e0c  usbccgp - ok
19:46:57.0072 0x0e0c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:46:57.0088 0x0e0c  usbcir - ok
19:46:57.0119 0x0e0c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:46:57.0119 0x0e0c  usbehci - ok
19:46:57.0166 0x0e0c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:46:57.0182 0x0e0c  usbhub - ok
19:46:57.0197 0x0e0c  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:46:57.0244 0x0e0c  usbohci - ok
19:46:57.0275 0x0e0c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:46:57.0291 0x0e0c  usbprint - ok
19:46:57.0338 0x0e0c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:46:57.0353 0x0e0c  usbscan - ok
19:46:57.0384 0x0e0c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:46:57.0431 0x0e0c  USBSTOR - ok
19:46:57.0462 0x0e0c  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:46:57.0478 0x0e0c  usbuhci - ok
19:46:57.0494 0x0e0c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:46:57.0525 0x0e0c  usbvideo - ok
19:46:57.0556 0x0e0c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:46:57.0603 0x0e0c  UxSms - ok
19:46:57.0618 0x0e0c  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc        C:\Windows\system32\lsass.exe
19:46:57.0634 0x0e0c  VaultSvc - ok
19:46:57.0634 0x0e0c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:46:57.0650 0x0e0c  vdrvroot - ok
19:46:57.0665 0x0e0c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:46:57.0712 0x0e0c  vds - ok
19:46:57.0743 0x0e0c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:46:57.0759 0x0e0c  vga - ok
19:46:57.0774 0x0e0c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:46:57.0806 0x0e0c  VgaSave - ok
19:46:57.0821 0x0e0c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:46:57.0837 0x0e0c  vhdmp - ok
19:46:57.0868 0x0e0c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:46:57.0868 0x0e0c  viaide - ok
19:46:57.0884 0x0e0c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:46:57.0884 0x0e0c  volmgr - ok
19:46:57.0915 0x0e0c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:46:57.0930 0x0e0c  volmgrx - ok
19:46:57.0977 0x0e0c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:46:57.0993 0x0e0c  volsnap - ok
19:46:58.0040 0x0e0c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:46:58.0040 0x0e0c  vsmraid - ok
19:46:58.0118 0x0e0c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:46:58.0211 0x0e0c  VSS - ok
19:46:58.0227 0x0e0c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:46:58.0242 0x0e0c  vwifibus - ok
19:46:58.0274 0x0e0c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:46:58.0289 0x0e0c  vwififlt - ok
19:46:58.0320 0x0e0c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:46:58.0336 0x0e0c  vwifimp - ok
19:46:58.0367 0x0e0c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:46:58.0430 0x0e0c  W32Time - ok
19:46:58.0461 0x0e0c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:46:58.0492 0x0e0c  WacomPen - ok
19:46:58.0523 0x0e0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:46:58.0570 0x0e0c  WANARP - ok
19:46:58.0586 0x0e0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:46:58.0617 0x0e0c  Wanarpv6 - ok
19:46:58.0679 0x0e0c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:46:58.0726 0x0e0c  WatAdminSvc - ok
19:46:58.0788 0x0e0c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:46:58.0866 0x0e0c  wbengine - ok
19:46:58.0882 0x0e0c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:46:58.0898 0x0e0c  WbioSrvc - ok
19:46:58.0929 0x0e0c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:46:58.0960 0x0e0c  wcncsvc - ok
19:46:58.0976 0x0e0c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:46:59.0022 0x0e0c  WcsPlugInService - ok
19:46:59.0038 0x0e0c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
19:46:59.0054 0x0e0c  Wd - ok
19:46:59.0116 0x0e0c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:46:59.0132 0x0e0c  Wdf01000 - ok
19:46:59.0163 0x0e0c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:46:59.0194 0x0e0c  WdiServiceHost - ok
19:46:59.0194 0x0e0c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:46:59.0210 0x0e0c  WdiSystemHost - ok
19:46:59.0241 0x0e0c  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
19:46:59.0272 0x0e0c  WebClient - ok
19:46:59.0303 0x0e0c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:46:59.0366 0x0e0c  Wecsvc - ok
19:46:59.0397 0x0e0c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:46:59.0428 0x0e0c  wercplsupport - ok
19:46:59.0459 0x0e0c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:46:59.0506 0x0e0c  WerSvc - ok
19:46:59.0537 0x0e0c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:46:59.0584 0x0e0c  WfpLwf - ok
19:46:59.0600 0x0e0c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:46:59.0615 0x0e0c  WIMMount - ok
19:46:59.0646 0x0e0c  WinDefend - ok
19:46:59.0662 0x0e0c  WinHttpAutoProxySvc - ok
19:46:59.0724 0x0e0c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:46:59.0771 0x0e0c  Winmgmt - ok
19:46:59.0834 0x0e0c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
19:46:59.0958 0x0e0c  WinRM - ok
19:47:00.0021 0x0e0c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
19:47:00.0036 0x0e0c  WinUsb - ok
19:47:00.0083 0x0e0c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:47:00.0146 0x0e0c  Wlansvc - ok
19:47:00.0177 0x0e0c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:47:00.0192 0x0e0c  WmiAcpi - ok
19:47:00.0239 0x0e0c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:47:00.0270 0x0e0c  wmiApSrv - ok
19:47:00.0302 0x0e0c  WMPNetworkSvc - ok
19:47:00.0333 0x0e0c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:47:00.0364 0x0e0c  WPCSvc - ok
19:47:00.0364 0x0e0c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:47:00.0395 0x0e0c  WPDBusEnum - ok
19:47:00.0426 0x0e0c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:47:00.0489 0x0e0c  ws2ifsl - ok
19:47:00.0520 0x0e0c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
19:47:00.0536 0x0e0c  wscsvc - ok
19:47:00.0551 0x0e0c  WSearch - ok
19:47:00.0645 0x0e0c  [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:47:00.0754 0x0e0c  wuauserv - ok
19:47:00.0785 0x0e0c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:47:00.0848 0x0e0c  WudfPf - ok
19:47:00.0894 0x0e0c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:47:00.0941 0x0e0c  WUDFRd - ok
19:47:00.0972 0x0e0c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:47:01.0004 0x0e0c  wudfsvc - ok
19:47:01.0050 0x0e0c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:47:01.0082 0x0e0c  WwanSvc - ok
19:47:01.0253 0x0e0c  [ 51842449D6076C512D626C77E2665167, 2409BDEE5F607DE651A190C3DFAAB8EE0EEF18F04E6B2F34A7FF855021D5ED66 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
19:47:01.0347 0x0e0c  ZeroConfigService - ok
19:47:01.0362 0x0e0c  ================ Scan global ===============================
19:47:01.0394 0x0e0c  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
19:47:01.0425 0x0e0c  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
19:47:01.0440 0x0e0c  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
19:47:01.0456 0x0e0c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:47:01.0487 0x0e0c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
19:47:01.0487 0x0e0c  [ Global ] - ok
19:47:01.0487 0x0e0c  ================ Scan MBR ==================================
19:47:01.0503 0x0e0c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:47:01.0971 0x0e0c  \Device\Harddisk0\DR0 - ok
19:47:01.0971 0x0e0c  ================ Scan VBR ==================================
19:47:01.0971 0x0e0c  [ 947D2E1D86038C7B505E12D5CE3EFA54 ] \Device\Harddisk0\DR0\Partition1
19:47:01.0971 0x0e0c  \Device\Harddisk0\DR0\Partition1 - ok
19:47:01.0971 0x0e0c  [ 1F66840C6053E91C5B50ED9C933A3E36 ] \Device\Harddisk0\DR0\Partition2
19:47:01.0971 0x0e0c  \Device\Harddisk0\DR0\Partition2 - ok
19:47:01.0971 0x0e0c  ================ Scan generic autorun ======================
19:47:02.0033 0x0e0c  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
19:47:02.0080 0x0e0c  MSC - ok
19:47:02.0080 0x0e0c  Sidebar - ok
19:47:02.0080 0x0e0c  Waiting for KSN requests completion. In queue: 27
19:47:03.0094 0x0e0c  Waiting for KSN requests completion. In queue: 27
19:47:04.0108 0x0e0c  Waiting for KSN requests completion. In queue: 27
19:47:05.0122 0x0e0c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
19:47:05.0184 0x0e0c  Win FW state via NFP2: enabled ( trusted )
19:47:07.0805 0x0e0c  ============================================================
19:47:07.0805 0x0e0c  Scan finished
19:47:07.0805 0x0e0c  ============================================================
19:47:07.0805 0x06fc  Detected object count: 0
19:47:07.0805 0x06fc  Actual detected object count: 0
19:50:36.0612 0x08c0  Deinitialize success

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => 154.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 11:17:36 ====

 

 

 

mbam log:  (didn't detect anything)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/12/2015
Scan Time: 11:33 AM
Logfile: 121215 mbamlog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.12.05
Rootkit Database: v2015.12.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: YoMama

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368499
Time Elapsed: 18 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

By the way, I don't use my laptop as most people do, in that I don't do any social media, nor do I access it remotely for any reason.  The majority of the my use is restricted to checking my Outlook acct (although I haven't been able to do that lately with the website saying I had to allow cookies and my setting showing that cookies were allowed), looking things up on Google and scanning and working on my photographs.  Any services or apps that have to do with Bluetooth, remote access or anything similar should be disabled.



#7 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 13 December 2015 - 12:58 PM

Hi whosyodaddy,

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

===================================================
Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=========================================================================
Things I would like to see in your next reply. :thumbup2:

  • Eset report
  • Emsisoft report

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 whosyodaddy

whosyodaddy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 13 December 2015 - 01:59 PM

Before we go further, I wanted to let you know that, in the past, he has set up a VPN connection on my old laptop to run all of my Internet activity through a server at his house.  So, if we can check that possibility as well, I'd appreciate it.  If you can tell from the scans we've done already, please point that out to me so I will know what to look for in the future.  Thank you.
 
Emsisoft results:

 

Emsisoft Emergency Kit - Version 10.0
Last update: 12/13/2015 10:44:57 AM
User account: YoMama-PC\YoMama

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    12/13/2015 10:48:09 AM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    69681
Found    1

Scan end:    12/13/2015 10:51:24 AM
Scan time:    0:03:15

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)

Quarantined    1
 

I will post the next scan results shortly.



#9 whosyodaddy

whosyodaddy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 13 December 2015 - 03:00 PM

Here is the ESETscan results:

 

C:\Users\YoMama\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\YoMama\Downloads\ccsetup510.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\YoMama\Downloads\ccsetup511.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\YoMama\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 



#10 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 13 December 2015 - 03:13 PM

Hi whosyodaddy,

Before we go further, I wanted to let you know that, in the past, he has set up a VPN connection on my old laptop to run all of my Internet activity through a server at his house.  So, if we can check that possibility as well, I'd appreciate it.

I do not see the VPN information in the system already.
No problem.

=================================================

The software version can be changed.

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.

1406373241-3-o.png


Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.

1406373250-4-o.png


Go to Step 5 and under"System Restore" click on Create button.

1406373259-5-o.png


Go to Start Repairs tab and click the Start button.

1406373267-start1-o.png


Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start Repairs button.

1406373275-start2-o.png


After the repair finished, you may be prompted to restart the computer. Please allow it to do so.

Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 whosyodaddy

whosyodaddy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 13 December 2015 - 03:35 PM

My version doesn't show the same window as yours, nor the option to "Do It" when it found errors.  See attached ....
 

Attached Files



#12 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 13 December 2015 - 04:09 PM

Okay.

 

System File Check
          For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don´t highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"

Within the opening window, write the following:

sfc /scannow

(See the blank within)

  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 whosyodaddy

whosyodaddy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 13 December 2015 - 05:34 PM

I read through the numerous other logs produced and in the "Drive C Permissions Error Log" it shows over a full page of items where "Access Denied" is listed after each item.  This is just one example of what these logs produced that seem a bit concerning to me.  Are these other logs even looked at, or read??

 

windows repair log:

 

Tweaking.com - Windows Repair v3.7.1
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: YOMAMA-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\YoMama
Current Profile SID: S-1-5-21-673365390-293152479-3159748500-1000
Current Profile Classes: S-1-5-21-673365390-293152479-3159748500-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\YoMama\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:41:18

Process Count: 40
Commit Total: 1.48 GB
Commit Limit: 11.83 GB
Commit Peak: 1.59 GB
Handle Count: 11295
Kernel Total: 318.92 MB
Kernel Paged: 259.21 MB
Kernel Non Paged: 59.71 MB
System Cache: 2.61 GB
Thread Count: 479
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.92 GB
Memory Used: 1.53 GB(25.802%)
Memory Avail.: 4.39 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.92 GB
Memory Used: 1.31 GB(22.069%)
Memory Avail.: 4.61 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (12/13/2015 1:21:17 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 42
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (12/13/2015 1:21:21 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hku.7z
Done,  0.22 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hklm.7z
Done,  1.91 seconds.

   Running Repair Under System Account
   Done (12/13/2015 1:24:42 PM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (12/13/2015 1:24:42 PM)

   Running Repair Under Current User Account
   Done (12/13/2015 1:30:34 PM)

02 - Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (12/13/2015 1:30:34 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\default.7z
Done,  0.19 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\profile.7z
Done,  0.18 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files.7z
Done,  0.19 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\program_files_x86.7z
Done,  0.17 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\programdata.7z
Done,  0.17 seconds.

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\windows.7z
Done,  1.6 seconds.

   Running Repair Under Current User Account
   Done (12/13/2015 1:34:01 PM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (12/13/2015 1:34:01 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:34:05 PM)

03 - Reset Service Permissions
   Start (12/13/2015 1:34:05 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:35:37 PM)

04 - Register System Files
   Start (12/13/2015 1:35:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:36:33 PM)

05 - Repair WMI
   Start (12/13/2015 1:36:33 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Microsoft Security Essentials Exported.

   Exporting AntiSpyware Info...
   Microsoft Security Essentials Exported.
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (12/13/2015 1:40:03 PM)

06 - Repair Windows Firewall
   Start (12/13/2015 1:40:03 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:40:24 PM)

07 - Repair Internet Explorer
   Start (12/13/2015 1:40:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:40:51 PM)

08 - Repair MDAC/MS Jet
   Start (12/13/2015 1:40:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:40:59 PM)

09 - Repair Hosts File
   Start (12/13/2015 1:40:59 PM)
   Running Repair Under System Account
   Done (12/13/2015 1:41:00 PM)

10 - Remove Policies Set By Infections
   Start (12/13/2015 1:41:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:41:04 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (12/13/2015 1:41:04 PM)
   Running Repair Under System Account
   Done (12/13/2015 1:41:06 PM)

12 - Repair Icons
   Start (12/13/2015 1:41:06 PM)
   Running Repair Under Current User Account
   Done (12/13/2015 1:41:07 PM)

13 - Repair Network
   Start (12/13/2015 1:41:08 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:41:33 PM)

14 - Remove Temp Files
   Start (12/13/2015 1:41:34 PM)
   Running Repair Under System Account
   Done (12/13/2015 1:41:36 PM)

15 - Repair Proxy Settings
   Start (12/13/2015 1:41:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:41:38 PM)

16 - Unhide Non System Files
   Start (12/13/2015 1:41:38 PM)
   C:\ - Total Files Unhidden: 904 out of 156403 searched. - Check Unhidden_Files.txt for list of files unhidden
   Done (12/13/2015 1:41:46 PM)

17 - Repair Windows Updates
   Start (12/13/2015 1:41:46 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.17 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (12/13/2015 1:42:23 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (12/13/2015 1:42:23 PM)
   iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
   Done (12/13/2015 1:42:23 PM)

19 - Repair Volume Shadow Copy Service
   Start (12/13/2015 1:42:24 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:42:47 PM)

20 - Repair Windows Sidebar/Gadgets
   Start (12/13/2015 1:42:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:42:51 PM)

21 - Repair MSI (Windows Installer)
   Start (12/13/2015 1:42:51 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:06 PM)

22 - Repair Windows Snipping Tool
   Start (12/13/2015 1:43:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:09 PM)

23.01 - Repair bat Association
   Start (12/13/2015 1:43:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:12 PM)

23.02 - Repair cmd Association
   Start (12/13/2015 1:43:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:14 PM)

23.03 - Repair com Association
   Start (12/13/2015 1:43:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:16 PM)

23.04 - Repair Directory Association
   Start (12/13/2015 1:43:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:19 PM)

23.05 - Repair Drive Association
   Start (12/13/2015 1:43:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:21 PM)

23.06 - Repair exe Association
   Start (12/13/2015 1:43:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:23 PM)

23.07 - Repair Folder Association
   Start (12/13/2015 1:43:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:25 PM)

23.08 - Repair inf Association
   Start (12/13/2015 1:43:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:28 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (12/13/2015 1:43:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:31 PM)

23.10 - Repair msc Association
   Start (12/13/2015 1:43:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:33 PM)

23.11 - Repair reg Association
   Start (12/13/2015 1:43:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:35 PM)

23.12 - Repair scr Association
   Start (12/13/2015 1:43:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:38 PM)

24 - Repair Windows Safe Mode
   Start (12/13/2015 1:43:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:40 PM)

25 - Repair Print Spooler
   Start (12/13/2015 1:43:40 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:43:48 PM)

26 - Restore Important Windows Services
   Start (12/13/2015 1:43:48 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0.19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:44:00 PM)

27 - Set Windows Services To Default Startup
   Start (12/13/2015 1:44:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:44:20 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601

31 - Repair Windows 'New' Submenu
   Start (12/13/2015 1:44:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:44:23 PM)

32 - Restore UAC (User Account Control) Settings
   Start (12/13/2015 1:44:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/13/2015 1:44:26 PM)

33 - Repair Performance Counters
   Start (12/13/2015 1:44:26 PM)
   Running Repair Under Current User Account
   Done (12/13/2015 1:44:38 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (12/13/2015 1:44:38 PM)
   Total Repair Time: 00:23:22

...YOU MUST RESTART YOUR SYSTEM...



#14 whosyodaddy

whosyodaddy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 13 December 2015 - 05:39 PM

One other thing:  I had disabled the 6to4, isatap and teredo adapters because I do not need them.  The same goes for a some of the Windows services, such as the print spooler (don't have a printer), Remote Desktop Connection/Connection Manager (will never access my desktop remotely, not allow anyone else to do so), Secondary Logon, etc. Seeing one of the logs mention that Windows services were reset to "default", I'm assuming, means that I need to go back into services and disable all of those that I had disabled previously, correct?



#15 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 13 December 2015 - 06:14 PM

Seeing one of the logs mention that Windows services were reset to "default", I'm assuming, means that I need to go back into services and disable all of those that I had disabled previously, correct?

You should not  make yourself such transactions.

=============================================

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTAN: 1   Place ComboFix.exe on your Desktop

* IMPORTAN: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.
:hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users