Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware taken out wireless internet [Solved]

Started by Jan1959 , Dec 22 2013 07:53 AM

  • This topic is locked This topic is locked

#46
Jan1959
Posted 05 January 2014 - 12:27 PM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Please find logs posted below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Adam (administrator) on ADAMS-PC on 05-01-2014 18:22:09
Running from C:\Users\Adam\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-13] (AVAST Software)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-02-16] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [230696 2012-02-16] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.co...=FTSG&bmod=FTSG
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

Chrome:
=======
CHR HomePage: https://plus.google.com/u/0/
CHR RestoreOnStartup: "https://plus.google.com/u/0/"
CHR DefaultSearchKeyword: http://www.google.co.uk/ig___
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-13] (AVAST Software)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-09] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-25] ()
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S0 RapportKE64; System32\Drivers\RapportKE64.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 18:22 - 2014-01-05 18:22 - 00010284 _____ C:\Users\Adam\Desktop\FRST.txt
2014-01-05 18:21 - 2014-01-05 18:21 - 00000000 ____D C:\FRST
2014-01-05 18:20 - 2014-01-05 18:20 - 01931368 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe
2014-01-04 10:13 - 2014-01-04 10:13 - 00671232 _____ C:\Users\Adam\Desktop\MicrosoftFixit50688.msi
2014-01-02 17:24 - 2014-01-02 17:24 - 00760063 _____ (Farbar) C:\Users\Adam\Desktop\MiniToolBox.exe
2014-01-02 17:19 - 2014-01-02 17:19 - 00017183 _____ C:\ComboFix.txt
2014-01-02 17:10 - 2014-01-02 17:19 - 00000000 ____D C:\Qoobox
2014-01-02 17:10 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-02 17:10 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-02 17:10 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-02 17:10 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-02 17:10 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-02 17:10 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-02 17:10 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-02 17:10 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-02 17:09 - 2014-01-02 17:17 - 00000000 ____D C:\Windows\erdnt
2014-01-02 17:08 - 2014-01-02 17:08 - 05160282 ____R (Swearware) C:\Users\Adam\Desktop\ComboFix.exe
2014-01-02 07:08 - 2014-01-02 07:08 - 00798976 _____ C:\Windows\Minidump\010214-17440-01.dmp
2014-01-01 10:54 - 2014-01-01 10:54 - 00708597 _____ (Farbar) C:\Users\Adam\Desktop\FSS.exe
2014-01-01 09:28 - 2014-01-01 09:28 - 02347384 _____ (ESET) C:\Users\Adam\Desktop\esetsmartinstaller_enu.exe
2013-12-30 22:47 - 2013-12-30 22:47 - 00197679 _____ C:\Users\Adam\Desktop\ListChkdskResult.exe
2013-12-30 08:23 - 2013-12-30 08:23 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2013-12-29 19:50 - 2013-12-29 19:50 - 01233962 _____ C:\Users\Adam\Desktop\AdwCleaner.exe
2013-12-29 19:28 - 2013-12-29 19:28 - 04745728 _____ (AVAST Software) C:\Users\Adam\Desktop\aswmbr.exe
2013-12-29 18:00 - 2013-12-29 18:00 - 00000000 ____D C:\_OTL
2013-12-29 17:42 - 2014-01-04 17:57 - 00002672 _____ C:\Windows\PFRO.log
2013-12-28 19:10 - 2013-12-28 19:10 - 00468480 _____ () C:\Users\Adam\Downloads\CKScanner.exe
2013-12-25 11:02 - 2014-01-02 07:08 - 446798112 _____ C:\Windows\MEMORY.DMP
2013-12-25 11:02 - 2013-12-25 11:03 - 00800792 _____ C:\Windows\Minidump\122513-23275-01.dmp
2013-12-22 13:08 - 2013-12-22 13:08 - 00602112 _____ (OldTimer Tools) C:\Users\Adam\Desktop\OTL.exe
2013-12-14 22:20 - 2013-11-26 11:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 22:20 - 2013-11-26 10:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 22:20 - 2013-11-26 10:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 22:20 - 2013-11-26 10:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 22:20 - 2013-11-26 09:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 22:20 - 2013-11-26 09:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 22:20 - 2013-11-26 09:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 22:20 - 2013-11-26 09:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 22:20 - 2013-11-26 09:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 22:20 - 2013-11-26 09:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 22:20 - 2013-11-26 09:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 22:20 - 2013-11-26 09:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 22:20 - 2013-11-26 09:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 22:20 - 2013-11-26 09:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 22:20 - 2013-11-26 08:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 22:20 - 2013-11-26 08:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 22:20 - 2013-11-26 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 22:20 - 2013-11-26 08:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 22:20 - 2013-11-26 08:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 22:20 - 2013-11-26 08:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 22:20 - 2013-11-26 08:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 22:20 - 2013-11-26 08:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 22:20 - 2013-11-26 07:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 22:20 - 2013-11-26 07:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 22:20 - 2013-11-26 07:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 22:20 - 2013-11-26 07:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 22:20 - 2013-11-26 06:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 22:20 - 2013-11-26 06:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 22:20 - 2013-11-26 06:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 22:20 - 2013-11-26 06:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 22:20 - 2013-11-26 06:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 20:26 - 2013-12-14 20:26 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 20:18 - 2013-12-14 20:18 - 01226802 _____ C:\Users\Adam\Downloads\AdwCleaner.exe
2013-12-14 17:56 - 2014-01-05 18:18 - 00366788 _____ C:\Windows\WindowsUpdate.log
2013-12-14 17:53 - 2014-01-05 12:03 - 00003764 _____ C:\Windows\setupact.log
2013-12-14 17:53 - 2013-12-14 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-12-13 10:05 - 2013-12-13 10:05 - 00003148 _____ C:\Windows\System32\Tasks\{334BAF75-174A-4C5A-A3F0-FCCFB1F13006}
2013-12-13 10:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-13 10:01 - 2013-12-13 10:02 - 18101704 _____ (Adobe Systems Inc.) C:\Users\Adam\Downloads\AdobeAIRInstaller (1).exe
2013-12-13 10:01 - 2013-12-13 10:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-13 10:01 - 2013-12-13 10:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-13 10:01 - 2013-12-13 10:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-13 10:01 - 2013-12-13 10:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-13 10:01 - 2013-12-13 10:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-13 10:01 - 2013-12-13 10:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-13 10:01 - 2013-12-13 10:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-12 12:01 - 2013-05-10 05:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 12:01 - 2013-05-10 05:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 12:01 - 2013-05-10 04:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 12:01 - 2013-05-10 04:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 08:39 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 08:39 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 08:38 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 08:38 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 08:38 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 08:38 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 08:38 - 2013-10-30 01:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 08:38 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 08:38 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 08:38 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 08:38 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 08:38 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 08:38 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 08:38 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 08:38 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 08:38 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 08:38 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 08:38 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 08:38 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-05 18:22 - 2014-01-05 18:22 - 00010284 _____ C:\Users\Adam\Desktop\FRST.txt
2014-01-05 18:21 - 2014-01-05 18:21 - 00000000 ____D C:\FRST
2014-01-05 18:20 - 2014-01-05 18:20 - 01931368 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe
2014-01-05 18:18 - 2013-12-14 17:56 - 00366788 _____ C:\Windows\WindowsUpdate.log
2014-01-05 18:16 - 2013-07-07 15:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 18:16 - 2013-07-07 15:38 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 18:16 - 2012-04-06 13:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 12:42 - 2009-07-14 04:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 12:42 - 2009-07-14 04:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 12:03 - 2013-12-14 17:53 - 00003764 _____ C:\Windows\setupact.log
2014-01-05 12:03 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 11:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-05 09:44 - 2012-07-10 19:59 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-04 17:57 - 2013-12-29 17:42 - 00002672 _____ C:\Windows\PFRO.log
2014-01-04 10:13 - 2014-01-04 10:13 - 00671232 _____ C:\Users\Adam\Desktop\MicrosoftFixit50688.msi
2014-01-02 17:24 - 2014-01-02 17:24 - 00760063 _____ (Farbar) C:\Users\Adam\Desktop\MiniToolBox.exe
2014-01-02 17:19 - 2014-01-02 17:19 - 00017183 _____ C:\ComboFix.txt
2014-01-02 17:19 - 2014-01-02 17:10 - 00000000 ____D C:\Qoobox
2014-01-02 17:19 - 2011-11-07 10:03 - 00000000 ____D C:\Users\TxR
2014-01-02 17:19 - 2011-11-07 10:03 - 00000000 ____D C:\Users\systemprofile
2014-01-02 17:19 - 2011-11-07 10:03 - 00000000 ____D C:\Users\RegBack
2014-01-02 17:19 - 2011-11-07 10:03 - 00000000 ____D C:\Users\Journal
2014-01-02 17:19 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2014-01-02 17:17 - 2014-01-02 17:09 - 00000000 ____D C:\Windows\erdnt
2014-01-02 17:17 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2014-01-02 17:08 - 2014-01-02 17:08 - 05160282 ____R (Swearware) C:\Users\Adam\Desktop\ComboFix.exe
2014-01-02 07:08 - 2014-01-02 07:08 - 00798976 _____ C:\Windows\Minidump\010214-17440-01.dmp
2014-01-02 07:08 - 2013-12-25 11:02 - 446798112 _____ C:\Windows\MEMORY.DMP
2014-01-02 07:08 - 2012-03-20 11:15 - 00000000 ____D C:\Windows\Minidump
2014-01-01 10:54 - 2014-01-01 10:54 - 00708597 _____ (Farbar) C:\Users\Adam\Desktop\FSS.exe
2014-01-01 09:28 - 2014-01-01 09:28 - 02347384 _____ (ESET) C:\Users\Adam\Desktop\esetsmartinstaller_enu.exe
2014-01-01 09:26 - 2009-07-14 05:13 - 00783360 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 22:47 - 2013-12-30 22:47 - 00197679 _____ C:\Users\Adam\Desktop\ListChkdskResult.exe
2013-12-30 08:23 - 2013-12-30 08:23 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2013-12-29 19:52 - 2013-10-25 09:33 - 00000000 ____D C:\AdwCleaner
2013-12-29 19:50 - 2013-12-29 19:50 - 01233962 _____ C:\Users\Adam\Desktop\AdwCleaner.exe
2013-12-29 19:28 - 2013-12-29 19:28 - 04745728 _____ (AVAST Software) C:\Users\Adam\Desktop\aswmbr.exe
2013-12-29 18:00 - 2013-12-29 18:00 - 00000000 ____D C:\_OTL
2013-12-29 07:51 - 2011-11-09 21:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-29 07:51 - 2011-11-07 10:01 - 00000000 ____D C:\ProgramData\Adobe
2013-12-29 07:46 - 2011-11-21 20:22 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-29 07:45 - 2011-11-21 20:26 - 00000000 ____D C:\Program Files\Adobe
2013-12-28 19:10 - 2013-12-28 19:10 - 00468480 _____ () C:\Users\Adam\Downloads\CKScanner.exe
2013-12-28 11:53 - 2011-11-07 18:35 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-12-25 11:03 - 2013-12-25 11:02 - 00800792 _____ C:\Windows\Minidump\122513-23275-01.dmp
2013-12-22 13:08 - 2013-12-22 13:08 - 00602112 _____ (OldTimer Tools) C:\Users\Adam\Desktop\OTL.exe
2013-12-14 21:02 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-14 20:56 - 2011-11-07 10:11 - 00000000 ___RD C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-14 20:30 - 2011-02-14 12:43 - 00000000 ____D C:\Windows\Panther
2013-12-14 20:26 - 2013-12-14 20:26 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 20:26 - 2012-06-27 09:30 - 00000000 ____D C:\Program Files\CCleaner
2013-12-14 20:18 - 2013-12-14 20:18 - 01226802 _____ C:\Users\Adam\Downloads\AdwCleaner.exe
2013-12-14 20:03 - 2013-03-20 13:45 - 00000000 ____D C:\Users\Adam\Documents\My Stuff
2013-12-14 17:53 - 2013-12-14 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-12-13 12:06 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 10:08 - 2011-11-07 10:11 - 00001419 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-13 10:05 - 2013-12-13 10:05 - 00003148 _____ C:\Windows\System32\Tasks\{334BAF75-174A-4C5A-A3F0-FCCFB1F13006}
2013-12-13 10:05 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-13 10:02 - 2013-12-13 10:01 - 18101704 _____ (Adobe Systems Inc.) C:\Users\Adam\Downloads\AdobeAIRInstaller (1).exe
2013-12-13 10:01 - 2013-12-13 10:01 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-13 10:01 - 2013-12-13 10:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-13 10:01 - 2013-12-13 10:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-13 10:01 - 2013-12-13 10:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-13 10:01 - 2013-12-13 10:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-13 10:01 - 2013-12-13 10:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-13 10:01 - 2013-12-13 10:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-13 10:01 - 2013-12-13 10:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-13 10:01 - 2013-12-13 10:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-13 09:01 - 2011-04-16 10:56 - 00767670 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-13 08:55 - 2013-07-24 06:17 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 08:53 - 2011-11-29 10:09 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 18:53 - 2013-04-14 10:32 - 04826928 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 18:53 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 10:23 - 2012-04-06 13:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-12 10:23 - 2012-04-06 13:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-12 10:23 - 2011-11-08 21:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 20:48 - 2011-11-11 20:44 - 00000000 ____D C:\Users\Adam\AppData\Roaming\SoftGrid Client
2013-12-11 20:24 - 2011-11-07 10:03 - 00000000 ____D C:\Users\Adam
2013-12-11 20:23 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2013-12-11 20:23 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-11 20:23 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-11 13:38 - 2013-03-29 20:29 - 02573332 _____ C:\Users\Adam\Documents\Hobbies & Interests Information 2.xlsx
2013-12-10 17:21 - 2013-04-02 19:13 - 00097948 _____ C:\Users\Adam\Documents\E-Menu Book.xlsx
2013-12-09 09:05 - 2011-12-05 21:15 - 00000000 ____D C:\Users\Adam\AppData\Roaming\U3
2013-12-07 14:03 - 2013-07-07 15:38 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 14:03 - 2013-07-07 15:38 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 00:03

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by Adam at 2014-01-05 18:22:45
Running from C:\Users\Adam\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (x32 Version: 9.0.2008 - Avast Software)
Bluetooth Feature Pack 5.0 (Version: 5.0.14 - CSR Plc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon Easy-WebPrint EX (x32 Version: - )
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9 - Canon Inc.)
Canon MG5100 series MP Drivers (Version: - )
Canon MG5100 series User Registration (x32 Version: - )
Canon MOV Decoder (x32 Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (x32 Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4 - Canon Inc.)
Canon MP Navigator EX 4.0 (x32 Version: - )
Canon My Printer (x32 Version: - )
Canon Solution Menu EX (x32 Version: - )
Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (x32 Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (x32 Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9 - Canon Inc.)
CCleaner (Version: 4.08 - Piriform)
CivCity (x32 Version: 1.10.0000 - Firefly Studios)
CyberLink YouCam (x32 Version: 3.1.5016 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.5016 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (x32 Version: 4.14.0118 - Fujitsu Technology Solutions)
Dungeon Siege 2 (x32 Version: - Microsoft)
eBay (x32 Version: 1.0.1 - eBay Inc.)
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Display Manager (x32 Version: - )
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (x32 Version: - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (x32 Version: - )
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Guild Wars (x32 Version: - )
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
LifeBook Application Panel (x32 Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Plugfree NETWORK (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Power Saving Utility (x32 Version: - )
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 (x32 Version: - Atari)
Shockwave (x32 Version: - )
Skype™ 6.1 (x32 Version: 6.1.129 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 14.0.10.0 - Synaptics Incorporated)
Test Your Aptitude (x32 Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

28-12-2013 10:45:31 Windows Update
29-12-2013 07:49:29 Removed Adobe Community Help
29-12-2013 07:50:00 Removed Adobe Media Player
29-12-2013 07:50:43 Removed Adobe Reader X (10.1.8).
29-12-2013 19:15:37 OTL Restore Point - 12/29/2013 7:15:33 PM
01-01-2014 09:26:31 Windows Update
01-01-2014 16:25:09 OTL Restore Point - 1/1/2014 4:25:05 PM
03-01-2014 09:07:51 OTL Restore Point - 1/3/2014 9:07:47 AM
04-01-2014 10:13:51 Installed Microsoft Fix it 50688
04-01-2014 10:17:16 OTL Restore Point - 1/4/2014 10:17:16 AM

==================== Hosts content: ==========================

2011-11-21 20:14 - 2013-12-29 19:16 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1092A725-B420-47B1-95EB-BD3CD194B1D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {34951F75-68C6-488E-A6BE-0C28A42DEB49} - System32\Tasks\AdobeAAMUpdater-1.0-Adams-PC-Adam => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {383C3B50-2D52-43F2-8118-7E3A2FDCD7A8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {547AF9DF-6E22-40C9-9145-199D38205276} - \DSite No Task File
Task: {6610EF6E-0CD9-4EB7-A31F-218A6628706C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-13] (AVAST Software)
Task: {77AB11CC-C696-465D-B035-D19859344F63} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {895C0A76-84C5-4E60-80DD-68C6B20F5FF8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F3F826A-25EB-4EF0-811F-84FF4C3AE364} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {A9B3526F-C094-45BA-80DF-61B14C801098} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E86E59A3-F078-45CE-80EC-6CAAB7E74D6F} - System32\Tasks\Fujitsu\DeskUpdate => C:\Fujitsu\Programs\DeskUpdate\ducmd.exe [2013-02-26] (Fujitsu Technology Solutions)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-05 18:18 - 2014-01-05 09:48 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\14010500\algo.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-25 11:20 - 2013-10-25 11:20 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Atheros AR9285 Wireless Network Adapter
Description: Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2014 00:41:46 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/05/2014 11:59:30 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/05/2014 11:13:36 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/05/2014 10:28:02 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/05/2014 10:11:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61168

Error: (01/05/2014 10:11:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61168

Error: (01/05/2014 10:11:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2014 10:11:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60170

Error: (01/05/2014 10:11:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60170

Error: (01/05/2014 10:11:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/05/2014 00:03:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error: (01/05/2014 11:46:07 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error: (01/05/2014 11:41:32 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error: (01/05/2014 11:40:43 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:35:58 on ‎05/‎01/‎2014 was unexpected.

Error: (01/05/2014 11:34:47 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error: (01/05/2014 11:03:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error: (01/05/2014 10:54:40 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error: (01/05/2014 10:54:00 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:43:33 on ‎05/‎01/‎2014 was unexpected.

Error: (01/05/2014 10:43:02 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportKE64

Error: (01/05/2014 10:32:55 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportKE64


Microsoft Office Sessions:
=========================
Error: (01/05/2014 00:41:46 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/05/2014 11:59:30 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/05/2014 11:13:36 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/05/2014 10:28:02 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/05/2014 10:11:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61168

Error: (01/05/2014 10:11:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61168

Error: (01/05/2014 10:11:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2014 10:11:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 60170

Error: (01/05/2014 10:11:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 60170

Error: (01/05/2014 10:11:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2014-01-04 10:10:28.884
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-04 10:10:28.728
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-04 10:10:28.526
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-04 10:10:28.385
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-04 09:56:53.190
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-04 09:56:53.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-04 09:56:52.800
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-04 09:56:52.691
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-02 13:14:48.057
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-02 13:14:47.932
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 3892.55 MB
Available physical RAM: 2754.84 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 6525.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:404.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B477DB1C)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=464 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

Advertisements

#47
godawgs
Posted 06 January 2014 - 02:12 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

I don't know if this will make any difference but the FRST scan shows a missing RapportKE64.sys driver that loads at boot up. Sometimes when a driver is set to load when the system boots up and the driver is missing it can cause issues with the system. I can't find anything where this can cause the intermittent adapter issues you are having, but it won't hurt to remove it from the boot up if the driver is no longer there.
The RapportKE64.sys driver is installed by Trusteer Rapport. Basically it is a fraud prevention software used for on line banking and other financial transactions.
I don't see the software installed anywhere in any of the logs, but I wanted to ask you if your son has ever done any online banking?
I also want to search for the driver file just to male sure it isn't on the system. If it can't be found we will remove it


Farbar Search

Close all open Windows and browsers
  • Right click the FRSR64.exe file and click Run as Administrator to run the tool.
  • When the tool opens click Yes to disclaimer.
  • In the Search box, type or Copy and Paste the following:
    RapportKE64.sys
  • Press Search button.
  • You will see a progress bar, then a message pops up indicating that the search is completed and the Search.txt log is saved in the same location where FRST.exe is located.
  • Please copy and paste it to your reply.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question
2. The Search.txt log
  • 0

#48
Jan1959
Posted 06 January 2014 - 02:32 AM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Yes he does use internet banking - the banks over here recommend installing Rapport.

Log below

Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Adam at 2014-01-06 08:23:58
Running from C:\Users\Adam\Desktop
Boot Mode: Normal

================== Search: "RapportK64.sys" ===================

====== End Of Search ======
  • 0

#49
godawgs
Posted 06 January 2014 - 01:53 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Yes he does use internet banking - the banks over here recommend installing Rapport.

Well the driver is not on the system and I don't see any other evidence that Rapport is installed. We are gonna remove the request to load the driver at boot up. Your son may need to re-instll Rapport. He will need to talk to his banking service about that.


Farbar Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Download the attached fixlist.txt file and save it to the same location where the program is. (It should be the desktop) [attachment=68403:fixlist.txt]
  • Please re-open the Farbar Scan tool. To do that:
  • Right click the FRSTT64.exe file to run the program.
  • Press the Fix button just once and wait. The tool will make a log (Fixlog.txt). Please post it in your next reply.
    The Fixlog.txt file can also be found in the same location that the program was run from.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Fixlog.txt log
  • 0

#50
Jan1959
Posted 07 January 2014 - 02:45 PM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Hi,

Sorry about the delay in replying, I was called away unexpectedly.

Log below

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Ran by Adam at 2014-01-07 20:42:24 Run:1
Running from C:\Users\Adam\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S0 RapportKE64; System32\Drivers\RapportKE64.sys [x]
*****************

RapportKE64 => Service deleted successfully.

==== End of Fixlog ====
  • 0

#51
godawgs
Posted 07 January 2014 - 03:50 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
No problem. I just looked back through this topic and I didn't run a tool targeted at certain rootkits. I haven't done this cause I haven't seen anything in any of the logs that would require this. But in the spirit of thoroughness I want to run it. There have been other instances where nothing has shown in any logs but this tool found an infection. I don't believe we've missed anything, I just want to be sure.
This is the last scan I will run unless something is found.


Posted Image TDSSKiller

Please read carefully and follow these steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

OR

Click here to go to the TDSSKiller download page. Click tthe Download Now EXE Version button and save the tdsskiller.exe file to the desktop.

  • Double click the TDSSKiller.exe file to run the application

    Posted Image
  • Then click on Change parameters. A settings page will open.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The TDSSKiller log
  • 0

#52
Jan1959
Posted 08 January 2014 - 02:30 AM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
The scan did find one thing but the cure option didn't come up - after I pressed skip it just went back to the start scan screen.

08:14:12.0880 0x0fa0 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
08:14:18.0420 0x0fa0 ============================================================
08:14:18.0420 0x0fa0 Current date / time: 2014/01/08 08:14:18.0420
08:14:18.0421 0x0fa0 SystemInfo:
08:14:18.0421 0x0fa0
08:14:18.0421 0x0fa0 OS Version: 6.1.7601 ServicePack: 1.0
08:14:18.0421 0x0fa0 Product type: Workstation
08:14:18.0421 0x0fa0 ComputerName: ADAMS-PC
08:14:18.0421 0x0fa0 UserName: Adam
08:14:18.0421 0x0fa0 Windows directory: C:\Windows
08:14:18.0421 0x0fa0 System windows directory: C:\Windows
08:14:18.0421 0x0fa0 Running under WOW64
08:14:18.0421 0x0fa0 Processor architecture: Intel x64
08:14:18.0421 0x0fa0 Number of processors: 4
08:14:18.0421 0x0fa0 Page size: 0x1000
08:14:18.0421 0x0fa0 Boot type: Normal boot
08:14:18.0421 0x0fa0 ============================================================
08:14:18.0648 0x0fa0 KLMD registered as C:\Windows\system32\drivers\24844487.sys
08:14:18.0993 0x0fa0 System UUID: {FBF64805-5878-C223-6D37-2533C22CDEA8}
08:14:19.0714 0x0fa0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:14:19.0718 0x0fa0 ============================================================
08:14:19.0718 0x0fa0 \Device\Harddisk0\DR0:
08:14:19.0719 0x0fa0 MBR partitions:
08:14:19.0719 0x0fa0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x401000, BlocksNum 0x39F84830
08:14:19.0719 0x0fa0 ============================================================
08:14:19.0750 0x0fa0 C: <-> \Device\Harddisk0\DR0\Partition1
08:14:19.0750 0x0fa0 ============================================================
08:14:19.0750 0x0fa0 Initialize success
08:14:19.0750 0x0fa0 ============================================================
08:14:59.0233 0x0714 ============================================================
08:14:59.0233 0x0714 Scan started
08:14:59.0233 0x0714 Mode: Manual; SigCheck; TDLFS;
08:14:59.0233 0x0714 ============================================================
08:14:59.0233 0x0714 KSN ping started
08:15:12.0936 0x0714 KSN ping finished: true
08:15:13.0186 0x0714 ================ Scan system memory ========================
08:15:13.0186 0x0714 System memory - ok
08:15:13.0187 0x0714 ================ Scan services =============================
08:15:13.0926 0x0714 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:15:14.0242 0x0714 1394ohci - ok
08:15:14.0438 0x0714 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:15:14.0512 0x0714 ACPI - ok
08:15:14.0617 0x0714 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:15:14.0701 0x0714 AcpiPmi - ok
08:15:15.0352 0x0714 [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:15:15.0414 0x0714 AdobeFlashPlayerUpdateSvc - ok
08:15:15.0562 0x0714 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:15:15.0656 0x0714 adp94xx - ok
08:15:15.0767 0x0714 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:15:15.0825 0x0714 adpahci - ok
08:15:15.0941 0x0714 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:15:15.0976 0x0714 adpu320 - ok
08:15:16.0051 0x0714 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:15:16.0183 0x0714 AeLookupSvc - ok
08:15:16.0494 0x0714 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
08:15:16.0598 0x0714 AFD - ok
08:15:16.0676 0x0714 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
08:15:16.0705 0x0714 agp440 - ok
08:15:16.0820 0x0714 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
08:15:16.0902 0x0714 ALG - ok
08:15:16.0999 0x0714 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
08:15:17.0054 0x0714 aliide - ok
08:15:17.0140 0x0714 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
08:15:17.0197 0x0714 amdide - ok
08:15:17.0313 0x0714 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:15:17.0400 0x0714 AmdK8 - ok
08:15:17.0445 0x0714 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
08:15:17.0518 0x0714 AmdPPM - ok
08:15:17.0587 0x0714 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:15:17.0643 0x0714 amdsata - ok
08:15:17.0753 0x0714 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
08:15:17.0815 0x0714 amdsbs - ok
08:15:17.0833 0x0714 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:15:17.0851 0x0714 amdxata - ok
08:15:17.0899 0x0714 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
08:15:18.0019 0x0714 AppID - ok
08:15:18.0061 0x0714 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:15:18.0169 0x0714 AppIDSvc - ok
08:15:18.0253 0x0714 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
08:15:18.0315 0x0714 Appinfo - ok
08:15:18.0484 0x0714 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:15:18.0508 0x0714 Apple Mobile Device - ok
08:15:18.0697 0x0714 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
08:15:18.0726 0x0714 arc - ok
08:15:18.0808 0x0714 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:15:18.0862 0x0714 arcsas - ok
08:15:19.0138 0x0714 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:15:19.0200 0x0714 aspnet_state - ok
08:15:19.0392 0x0714 [ 9C2BEA3957EFFD45F352F0938DFB3721, 7006CC604C480CF512A29AD03BA17FFA564FDDF34CE768ACBD805611503D5012 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
08:15:19.0847 0x0714 aswMonFlt - ok
08:15:19.0964 0x0714 [ 679712B7A353EE665B9301592164A172, CA3C918106A355BAFD0833BB493DF2CCBC2D0F90CA7EBF5E27CC088C7170B0E0 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
08:15:19.0992 0x0714 aswRdr - ok
08:15:20.0033 0x0714 [ C04F7B373881009D7994D9BF55D24AB4, 5DEEA804F4F9862024F40A204E88DBCFFBDD2DC87CA86145E3FB649CFCCDC624 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
08:15:20.0055 0x0714 aswRvrt - ok
08:15:20.0356 0x0714 [ 52B5F8FAF7E78C02D26B0B6E3A05F596, 7C45BA507529F822D4397BD5F001EC861C85E9CBB1F75927E48843B15D5C0B8E ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
08:15:20.0398 0x0714 aswSnx - ok
08:15:20.0529 0x0714 [ 251360C2FCA22BAFE0583314B3262F98, 1EB1B4620E3AFA8ACDDE5F1A6EC4AAEDD40AE2FC5C013AF1B13B03C4B60F6CEB ] aswSP C:\Windows\system32\drivers\aswSP.sys
08:15:20.0555 0x0714 aswSP - ok
08:15:20.0658 0x0714 [ AAB5F5336EDBB5D99CC7E1A9F4D8F63F, 01B40475DCA40E7B426DB0578A33DB62D62640F3A7F9F95A6BBF0AD3CF0F2941 ] aswStm C:\Windows\system32\drivers\aswStm.sys
08:15:20.0689 0x0714 aswStm - ok
08:15:20.0766 0x0714 [ 90399625F341AB76BA4B85A5E860EB1F, 92DD461B14240222F451F971642844A4DAD9DF4FFEAA8F12D16EA117822BEEF3 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
08:15:20.0808 0x0714 aswVmm - ok
08:15:20.0859 0x0714 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:15:21.0010 0x0714 AsyncMac - ok
08:15:21.0062 0x0714 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
08:15:21.0088 0x0714 atapi - ok
08:15:21.0342 0x0714 [ D6CAD7E5B05055BB8226BDCB1644DA27, 053DBE95BE044C2674825561619A188660865AFCC4FD3C1D1E4F08972F5CC8DF ] athr C:\Windows\system32\DRIVERS\athrx.sys
08:15:21.0565 0x0714 athr - ok
08:15:21.0710 0x0714 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:15:21.0881 0x0714 AudioEndpointBuilder - ok
08:15:21.0907 0x0714 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:15:21.0981 0x0714 AudioSrv - ok
08:15:22.0144 0x0714 [ D74884939D53612FD84AC82C59CCFE27, 07BFB34A3748E018C0A674A6253A03FFA522B31AE1942E84B3CC4DDDED9C16A9 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:15:22.0173 0x0714 avast! Antivirus - ok
08:15:22.0246 0x0714 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:15:22.0364 0x0714 AxInstSV - ok
08:15:22.0469 0x0714 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
08:15:22.0561 0x0714 b06bdrv - ok
08:15:22.0642 0x0714 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:15:22.0766 0x0714 b57nd60a - ok
08:15:22.0836 0x0714 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
08:15:22.0900 0x0714 BDESVC - ok
08:15:22.0958 0x0714 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
08:15:23.0071 0x0714 Beep - ok
08:15:23.0178 0x0714 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
08:15:23.0336 0x0714 BFE - ok
08:15:23.0483 0x0714 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
08:15:23.0590 0x0714 BITS - ok
08:15:23.0657 0x0714 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:15:23.0752 0x0714 blbdrive - ok
08:15:23.0944 0x0714 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:15:23.0988 0x0714 Bonjour Service - ok
08:15:24.0046 0x0714 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:15:24.0097 0x0714 bowser - ok
08:15:24.0162 0x0714 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
08:15:24.0261 0x0714 BrFiltLo - ok
08:15:24.0286 0x0714 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
08:15:24.0384 0x0714 BrFiltUp - ok
08:15:24.0522 0x0714 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:15:24.0629 0x0714 BridgeMP - ok
08:15:24.0679 0x0714 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
08:15:24.0742 0x0714 Browser - ok
08:15:24.0797 0x0714 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:15:24.0903 0x0714 Brserid - ok
08:15:24.0921 0x0714 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:15:24.0983 0x0714 BrSerWdm - ok
08:15:25.0048 0x0714 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:15:25.0144 0x0714 BrUsbMdm - ok
08:15:25.0153 0x0714 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:15:25.0197 0x0714 BrUsbSer - ok
08:15:25.0247 0x0714 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
08:15:25.0338 0x0714 BthEnum - ok
08:15:25.0407 0x0714 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:15:25.0468 0x0714 BTHMODEM - ok
08:15:25.0542 0x0714 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
08:15:25.0612 0x0714 BthPan - ok
08:15:25.0757 0x0714 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
08:15:25.0883 0x0714 BTHPORT - ok
08:15:25.0976 0x0714 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
08:15:26.0073 0x0714 bthserv - ok
08:15:26.0108 0x0714 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
08:15:26.0206 0x0714 BTHUSB - ok
08:15:26.0283 0x0714 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:15:26.0404 0x0714 cdfs - ok
08:15:26.0501 0x0714 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:15:26.0557 0x0714 cdrom - ok
08:15:26.0651 0x0714 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
08:15:26.0758 0x0714 CertPropSvc - ok
08:15:26.0830 0x0714 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
08:15:26.0893 0x0714 circlass - ok
08:15:26.0961 0x0714 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
08:15:26.0997 0x0714 CLFS - ok
08:15:27.0157 0x0714 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:15:27.0190 0x0714 clr_optimization_v2.0.50727_32 - ok
08:15:27.0305 0x0714 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:15:27.0407 0x0714 clr_optimization_v2.0.50727_64 - ok
08:15:27.0575 0x0714 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:15:27.0869 0x0714 clr_optimization_v4.0.30319_32 - ok
08:15:27.0957 0x0714 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:15:28.0125 0x0714 clr_optimization_v4.0.30319_64 - ok
08:15:28.0200 0x0714 [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
08:15:28.0227 0x0714 clwvd - ok
08:15:28.0293 0x0714 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:15:28.0345 0x0714 CmBatt - ok
08:15:28.0378 0x0714 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:15:28.0402 0x0714 cmdide - ok
08:15:28.0522 0x0714 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
08:15:28.0591 0x0714 CNG - ok
08:15:28.0668 0x0714 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:15:28.0696 0x0714 Compbatt - ok
08:15:28.0757 0x0714 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
08:15:28.0869 0x0714 CompositeBus - ok
08:15:28.0890 0x0714 COMSysApp - ok
08:15:28.0941 0x0714 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:15:28.0971 0x0714 crcdisk - ok
08:15:29.0077 0x0714 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:15:29.0202 0x0714 CryptSvc - ok
08:15:29.0405 0x0714 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
08:15:29.0461 0x0714 cvhsvc - ok
08:15:29.0566 0x0714 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:15:29.0746 0x0714 DcomLaunch - ok
08:15:29.0841 0x0714 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
08:15:29.0976 0x0714 defragsvc - ok
08:15:30.0036 0x0714 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:15:30.0139 0x0714 DfsC - ok
08:15:30.0215 0x0714 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
08:15:30.0326 0x0714 Dhcp - ok
08:15:30.0366 0x0714 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
08:15:30.0513 0x0714 discache - ok
08:15:30.0595 0x0714 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
08:15:30.0626 0x0714 Disk - ok
08:15:30.0685 0x0714 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:15:30.0791 0x0714 Dnscache - ok
08:15:30.0856 0x0714 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
08:15:30.0958 0x0714 dot3svc - ok
08:15:31.0036 0x0714 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
08:15:31.0132 0x0714 DPS - ok
08:15:31.0209 0x0714 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:15:31.0239 0x0714 drmkaud - ok
08:15:31.0416 0x0714 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:15:31.0467 0x0714 DXGKrnl - ok
08:15:31.0514 0x0714 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
08:15:31.0628 0x0714 EapHost - ok
08:15:32.0417 0x0714 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:15:32.0768 0x0714 ebdrv - ok
08:15:32.0842 0x0714 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
08:15:32.0898 0x0714 EFS - ok
08:15:33.0096 0x0714 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:15:33.0230 0x0714 ehRecvr - ok
08:15:33.0310 0x0714 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
08:15:33.0441 0x0714 ehSched - ok
08:15:33.0550 0x0714 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:15:33.0608 0x0714 elxstor - ok
08:15:33.0636 0x0714 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:15:33.0688 0x0714 ErrDev - ok
08:15:33.0804 0x0714 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
08:15:33.0966 0x0714 EventSystem - ok
08:15:34.0033 0x0714 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
08:15:34.0172 0x0714 exfat - ok
08:15:34.0228 0x0714 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:15:34.0332 0x0714 fastfat - ok
08:15:34.0468 0x0714 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
08:15:34.0578 0x0714 Fax - ok
08:15:34.0624 0x0714 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
08:15:34.0716 0x0714 fdc - ok
08:15:34.0759 0x0714 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
08:15:34.0856 0x0714 fdPHost - ok
08:15:34.0906 0x0714 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
08:15:34.0978 0x0714 FDResPub - ok
08:15:35.0023 0x0714 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:15:35.0050 0x0714 FileInfo - ok
08:15:35.0079 0x0714 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:15:35.0231 0x0714 Filetrace - ok
08:15:35.0296 0x0714 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:15:35.0352 0x0714 flpydisk - ok
08:15:35.0480 0x0714 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:15:35.0515 0x0714 FltMgr - ok
08:15:35.0660 0x0714 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
08:15:35.0803 0x0714 FontCache - ok
08:15:35.0926 0x0714 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:15:35.0954 0x0714 FontCache3.0.0.0 - ok
08:15:36.0052 0x0714 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:15:36.0082 0x0714 FsDepends - ok
08:15:36.0145 0x0714 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:15:36.0172 0x0714 Fs_Rec - ok
08:15:36.0275 0x0714 [ BA0C1FFDA496D8BCBCAC63F8D98D20E3, 28D37F07A58D5AFA48A18BB4A780A36A3F8D49E94DE8CA5071071CCF16C0C090 ] FUJ02B1 C:\Windows\system32\DRIVERS\FUJ02B1.sys
08:15:36.0324 0x0714 FUJ02B1 - ok
08:15:36.0387 0x0714 [ 7135030CBF87D724B6037BB023923730, 1F6D9A7D7033226507DEDD53CB686C0F3CDC15FD7E77DBC5263256E8EB541E4E ] FUJ02E3 C:\Windows\system32\DRIVERS\FUJ02E3.sys
08:15:36.0458 0x0714 FUJ02E3 - ok
08:15:36.0593 0x0714 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:15:36.0635 0x0714 fvevol - ok
08:15:36.0745 0x0714 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:15:36.0776 0x0714 gagp30kx - ok
08:15:36.0864 0x0714 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:15:36.0887 0x0714 GEARAspiWDM - ok
08:15:37.0052 0x0714 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
08:15:37.0190 0x0714 gpsvc - ok
08:15:37.0505 0x0714 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:15:37.0531 0x0714 gupdate - ok
08:15:37.0738 0x0714 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:15:37.0763 0x0714 gupdatem - ok
08:15:37.0816 0x0714 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:15:37.0874 0x0714 hcw85cir - ok
08:15:38.0001 0x0714 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:15:38.0139 0x0714 HdAudAddService - ok
08:15:38.0233 0x0714 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:15:38.0329 0x0714 HDAudBus - ok
08:15:38.0407 0x0714 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
08:15:38.0435 0x0714 HECIx64 - ok
08:15:38.0515 0x0714 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:15:38.0598 0x0714 HidBatt - ok
08:15:38.0659 0x0714 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:15:38.0746 0x0714 HidBth - ok
08:15:38.0814 0x0714 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
08:15:38.0856 0x0714 HidIr - ok
08:15:38.0926 0x0714 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
08:15:39.0050 0x0714 hidserv - ok
08:15:39.0165 0x0714 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
08:15:39.0199 0x0714 HidUsb - ok
08:15:39.0228 0x0714 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:15:39.0326 0x0714 hkmsvc - ok
08:15:39.0384 0x0714 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:15:39.0493 0x0714 HomeGroupListener - ok
08:15:39.0555 0x0714 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:15:39.0621 0x0714 HomeGroupProvider - ok
08:15:39.0678 0x0714 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:15:39.0711 0x0714 HpSAMD - ok
08:15:39.0818 0x0714 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:15:39.0950 0x0714 HTTP - ok
08:15:39.0967 0x0714 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:15:39.0980 0x0714 hwpolicy - ok
08:15:40.0046 0x0714 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:15:40.0085 0x0714 i8042prt - ok
08:15:40.0166 0x0714 [ 2064090C9FAAD92C090D77E50E735B2E, 802BF10AF2F4B5DC93926C34DB2782DA6FD7243766D583E85603879483A592D2 ] iaStor C:\Windows\system32\drivers\iaStor.sys
08:15:40.0200 0x0714 iaStor - ok
08:15:40.0363 0x0714 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:15:40.0409 0x0714 iaStorV - ok
08:15:40.0585 0x0714 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:15:40.0639 0x0714 idsvc - ok
08:15:40.0692 0x0714 IEEtwCollectorService - ok
08:15:41.0328 0x0714 [ 8E509DE232CFA4F8A5B34F01802F500E, D7641C91BC359CF9A430811236DB4F12CCA4386CD62E7CB50FF0F8FA2F9FF2E7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:15:41.0760 0x0714 igfx - ok
08:15:41.0832 0x0714 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:15:41.0846 0x0714 iirsp - ok
08:15:41.0925 0x0714 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
08:15:42.0015 0x0714 IKEEXT - ok
08:15:42.0082 0x0714 [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
08:15:42.0135 0x0714 Impcd - ok
08:15:42.0376 0x0714 [ 42943BB3AB7A405B30EFF7C8283CC129, B914B5610565B794BE28664DE605C5726A0587F15034A026509885771C63B0D5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:15:42.0438 0x0714 IntcAzAudAddService - ok
08:15:42.0478 0x0714 [ D248AAE81C156C0D47A77CD61BC24CD4, 0601FD06C85C5ADA8EE32A195FC4FB53F76E7E46E5504DE925E4292AF1D5C4B8 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
08:15:42.0518 0x0714 IntcDAud - ok
08:15:42.0578 0x0714 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
08:15:42.0592 0x0714 intelide - ok
08:15:42.0637 0x0714 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:15:42.0687 0x0714 intelppm - ok
08:15:42.0736 0x0714 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:15:42.0840 0x0714 IPBusEnum - ok
08:15:42.0894 0x0714 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:15:42.0992 0x0714 IpFilterDriver - ok
08:15:43.0075 0x0714 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:15:43.0177 0x0714 iphlpsvc - ok
08:15:43.0215 0x0714 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:15:43.0276 0x0714 IPMIDRV - ok
08:15:43.0298 0x0714 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:15:43.0398 0x0714 IPNAT - ok
08:15:43.0483 0x0714 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:15:43.0536 0x0714 IRENUM - ok
08:15:43.0571 0x0714 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:15:43.0600 0x0714 isapnp - ok
08:15:43.0691 0x0714 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:15:43.0735 0x0714 iScsiPrt - ok
08:15:43.0792 0x0714 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:15:43.0823 0x0714 kbdclass - ok
08:15:43.0847 0x0714 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:15:43.0903 0x0714 kbdhid - ok
08:15:43.0930 0x0714 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
08:15:43.0959 0x0714 KeyIso - ok
08:15:44.0036 0x0714 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:15:44.0070 0x0714 KSecDD - ok
08:15:44.0099 0x0714 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:15:44.0128 0x0714 KSecPkg - ok
08:15:44.0164 0x0714 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:15:44.0246 0x0714 ksthunk - ok
08:15:44.0298 0x0714 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
08:15:44.0416 0x0714 KtmRm - ok
08:15:44.0487 0x0714 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
08:15:44.0600 0x0714 LanmanServer - ok
08:15:44.0682 0x0714 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:15:44.0777 0x0714 LanmanWorkstation - ok
08:15:44.0831 0x0714 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:15:44.0892 0x0714 lltdio - ok
08:15:44.0949 0x0714 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:15:45.0098 0x0714 lltdsvc - ok
08:15:45.0114 0x0714 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:15:45.0184 0x0714 lmhosts - ok
08:15:45.0282 0x0714 [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:15:45.0328 0x0714 LMS - detected UnsignedFile.Multi.Generic ( 1 )
08:15:47.0997 0x0714 Detect skipped due to KSN trusted
08:15:47.0997 0x0714 LMS - ok
08:15:48.0053 0x0714 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:15:48.0068 0x0714 LSI_FC - ok
08:15:48.0086 0x0714 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:15:48.0101 0x0714 LSI_SAS - ok
08:15:48.0115 0x0714 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:15:48.0129 0x0714 LSI_SAS2 - ok
08:15:48.0174 0x0714 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:15:48.0190 0x0714 LSI_SCSI - ok
08:15:48.0211 0x0714 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
08:15:48.0278 0x0714 luafv - ok
08:15:48.0327 0x0714 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:15:48.0346 0x0714 Mcx2Svc - ok
08:15:48.0379 0x0714 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
08:15:48.0393 0x0714 megasas - ok
08:15:48.0438 0x0714 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:15:48.0461 0x0714 MegaSR - ok
08:15:48.0478 0x0714 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
08:15:48.0560 0x0714 MMCSS - ok
08:15:48.0597 0x0714 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
08:15:48.0666 0x0714 Modem - ok
08:15:48.0716 0x0714 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:15:48.0761 0x0714 monitor - ok
08:15:48.0804 0x0714 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:15:48.0817 0x0714 mouclass - ok
08:15:48.0864 0x0714 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:15:48.0898 0x0714 mouhid - ok
08:15:48.0942 0x0714 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:15:48.0957 0x0714 mountmgr - ok
08:15:49.0036 0x0714 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
08:15:49.0072 0x0714 mpio - ok
08:15:49.0086 0x0714 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:15:49.0139 0x0714 mpsdrv - ok
08:15:49.0191 0x0714 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:15:49.0294 0x0714 MpsSvc - ok
08:15:49.0340 0x0714 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:15:49.0377 0x0714 MRxDAV - ok
08:15:49.0413 0x0714 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:15:49.0484 0x0714 mrxsmb - ok
08:15:49.0522 0x0714 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:15:49.0579 0x0714 mrxsmb10 - ok
08:15:49.0609 0x0714 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:15:49.0683 0x0714 mrxsmb20 - ok
08:15:49.0715 0x0714 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
08:15:49.0729 0x0714 msahci - ok
08:15:49.0760 0x0714 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:15:49.0777 0x0714 msdsm - ok
08:15:49.0804 0x0714 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
08:15:49.0865 0x0714 MSDTC - ok
08:15:49.0892 0x0714 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:15:49.0973 0x0714 Msfs - ok
08:15:49.0994 0x0714 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:15:50.0080 0x0714 mshidkmdf - ok
08:15:50.0123 0x0714 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:15:50.0140 0x0714 msisadrv - ok
08:15:50.0172 0x0714 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:15:50.0239 0x0714 MSiSCSI - ok
08:15:50.0244 0x0714 msiserver - ok
08:15:50.0300 0x0714 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:15:50.0407 0x0714 MSKSSRV - ok
08:15:50.0424 0x0714 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:15:50.0500 0x0714 MSPCLOCK - ok
08:15:50.0516 0x0714 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:15:50.0592 0x0714 MSPQM - ok
08:15:50.0659 0x0714 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:15:50.0701 0x0714 MsRPC - ok
08:15:50.0740 0x0714 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:15:50.0753 0x0714 mssmbios - ok
08:15:50.0779 0x0714 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:15:50.0847 0x0714 MSTEE - ok
08:15:50.0879 0x0714 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:15:50.0930 0x0714 MTConfig - ok
08:15:50.0974 0x0714 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
08:15:50.0989 0x0714 Mup - ok
08:15:51.0039 0x0714 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
08:15:51.0122 0x0714 napagent - ok
08:15:51.0172 0x0714 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:15:51.0221 0x0714 NativeWifiP - ok
08:15:51.0356 0x0714 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
08:15:51.0404 0x0714 NDIS - ok
08:15:51.0449 0x0714 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:15:52.0454 0x0714 NdisCap - ok
08:15:52.0564 0x0714 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:15:53.0794 0x0714 NdisTapi - ok
08:15:54.0183 0x0714 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:15:54.0338 0x0714 Ndisuio - ok
08:15:54.0411 0x0714 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:15:54.0531 0x0714 NdisWan - ok
08:15:54.0830 0x0714 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:15:54.0918 0x0714 NDProxy - ok
08:15:55.0035 0x0714 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:15:55.0150 0x0714 NetBIOS - ok
08:15:55.0237 0x0714 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:15:55.0390 0x0714 NetBT - ok
08:15:55.0741 0x0714 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
08:15:55.0773 0x0714 Netlogon - ok
08:15:55.0945 0x0714 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
08:15:56.0073 0x0714 Netman - ok
08:15:56.0139 0x0714 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:15:56.0159 0x0714 NetMsmqActivator - ok
08:15:56.0216 0x0714 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:15:56.0250 0x0714 NetPipeActivator - ok
08:15:56.0478 0x0714 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
08:15:56.0673 0x0714 netprofm - ok
08:15:56.0782 0x0714 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:15:56.0821 0x0714 NetTcpActivator - ok
08:15:56.0830 0x0714 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:15:56.0851 0x0714 NetTcpPortSharing - ok
08:15:57.0017 0x0714 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:15:57.0049 0x0714 nfrd960 - ok
08:15:57.0202 0x0714 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:15:57.0251 0x0714 NlaSvc - ok
08:15:57.0295 0x0714 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:15:57.0379 0x0714 Npfs - ok
08:15:57.0474 0x0714 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
08:15:57.0552 0x0714 nsi - ok
08:15:57.0592 0x0714 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:15:57.0697 0x0714 nsiproxy - ok
08:15:58.0012 0x0714 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:15:58.0124 0x0714 Ntfs - ok
08:15:58.0175 0x0714 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
08:15:58.0302 0x0714 Null - ok
08:15:58.0353 0x0714 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:15:58.0376 0x0714 nvraid - ok
08:15:58.0452 0x0714 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:15:58.0490 0x0714 nvstor - ok
08:15:58.0544 0x0714 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:15:58.0578 0x0714 nv_agp - ok
08:15:58.0610 0x0714 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:15:58.0635 0x0714 ohci1394 - ok
08:15:58.0726 0x0714 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:15:58.0759 0x0714 ose - ok
08:15:59.0450 0x0714 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:15:59.0695 0x0714 osppsvc - ok
08:16:00.0079 0x0714 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:16:00.0217 0x0714 p2pimsvc - ok
08:16:00.0348 0x0714 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
08:16:00.0468 0x0714 p2psvc - ok
08:16:00.0568 0x0714 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
08:16:00.0630 0x0714 Parport - ok
08:16:00.0660 0x0714 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:16:00.0714 0x0714 partmgr - ok
08:16:00.0777 0x0714 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
08:16:00.0849 0x0714 PcaSvc - ok
08:16:00.0943 0x0714 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
08:16:00.0990 0x0714 pci - ok
08:16:01.0035 0x0714 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
08:16:01.0067 0x0714 pciide - ok
08:16:01.0137 0x0714 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:16:01.0172 0x0714 pcmcia - ok
08:16:01.0219 0x0714 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
08:16:01.0249 0x0714 pcw - ok
08:16:01.0370 0x0714 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:16:01.0618 0x0714 PEAUTH - ok
08:16:01.0839 0x0714 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:16:01.0899 0x0714 PerfHost - ok
08:16:02.0144 0x0714 [ C0F1CFCEE7E8AFF3AE0A7F54A7D3D6BE, 683CE2CC459448F2388DD9A9400D021A5ADD2149AA26245910C36D6417FB0D65 ] PFNService C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
08:16:02.0190 0x0714 PFNService - detected UnsignedFile.Multi.Generic ( 1 )
08:16:04.0890 0x0714 Detect skipped due to KSN trusted
08:16:04.0890 0x0714 PFNService - ok
08:16:05.0362 0x0714 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
08:16:05.0658 0x0714 pla - ok
08:16:05.0877 0x0714 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:16:06.0114 0x0714 PlugPlay - ok
08:16:06.0162 0x0714 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:16:06.0208 0x0714 PNRPAutoReg - ok
08:16:06.0258 0x0714 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:16:06.0283 0x0714 PNRPsvc - ok
08:16:06.0377 0x0714 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:16:06.0458 0x0714 PolicyAgent - ok
08:16:06.0530 0x0714 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
08:16:06.0602 0x0714 Power - ok
08:16:06.0691 0x0714 [ 843BA5F09A391D52AC1F8486C5FC3D4F, 55952EB06CA88955F8A33856E161D808918B05B143287E267EB69963238F1B98 ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
08:16:06.0704 0x0714 PowerSavingUtilityService - ok
08:16:06.0791 0x0714 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:16:06.0891 0x0714 PptpMiniport - ok
08:16:06.0946 0x0714 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
08:16:07.0019 0x0714 Processor - ok
08:16:07.0102 0x0714 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
08:16:07.0158 0x0714 ProfSvc - ok
08:16:07.0184 0x0714 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
08:16:07.0201 0x0714 ProtectedStorage - ok
08:16:07.0237 0x0714 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:16:07.0282 0x0714 Psched - ok
08:16:07.0642 0x0714 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:16:07.0719 0x0714 ql2300 - ok
08:16:07.0817 0x0714 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:16:07.0837 0x0714 ql40xx - ok
08:16:07.0878 0x0714 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
08:16:07.0910 0x0714 QWAVE - ok
08:16:07.0943 0x0714 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:16:07.0990 0x0714 QWAVEdrv - ok
08:16:08.0041 0x0714 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:16:08.0118 0x0714 RasAcd - ok
08:16:08.0166 0x0714 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:16:08.0263 0x0714 RasAgileVpn - ok
08:16:08.0376 0x0714 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
08:16:08.0475 0x0714 RasAuto - ok
08:16:08.0524 0x0714 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:16:08.0585 0x0714 Rasl2tp - ok
08:16:08.0735 0x0714 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
08:16:08.0890 0x0714 RasMan - ok
08:16:08.0938 0x0714 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:16:09.0042 0x0714 RasPppoe - ok
08:16:09.0075 0x0714 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:16:09.0140 0x0714 RasSstp - ok
08:16:09.0191 0x0714 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:16:09.0270 0x0714 rdbss - ok
08:16:09.0368 0x0714 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
08:16:09.0420 0x0714 rdpbus - ok
08:16:09.0495 0x0714 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:16:09.0561 0x0714 RDPCDD - ok
08:16:09.0619 0x0714 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:16:09.0693 0x0714 RDPENCDD - ok
08:16:09.0730 0x0714 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:16:09.0800 0x0714 RDPREFMP - ok
08:16:09.0992 0x0714 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:16:10.0156 0x0714 RdpVideoMiniport - ok
08:16:10.0288 0x0714 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:16:10.0376 0x0714 RDPWD - ok
08:16:10.0572 0x0714 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:16:10.0594 0x0714 rdyboost - ok
08:16:10.0639 0x0714 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:16:10.0779 0x0714 RemoteAccess - ok
08:16:10.0843 0x0714 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:16:10.0919 0x0714 RemoteRegistry - ok
08:16:10.0979 0x0714 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
08:16:11.0027 0x0714 RFCOMM - ok
08:16:11.0094 0x0714 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:16:11.0144 0x0714 RpcEptMapper - ok
08:16:11.0199 0x0714 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
08:16:11.0247 0x0714 RpcLocator - ok
08:16:11.0284 0x0714 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\System32\rpcss.dll
08:16:11.0348 0x0714 RpcSs - ok
08:16:11.0416 0x0714 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:16:11.0470 0x0714 rspndr - ok
08:16:11.0691 0x0714 [ 4A25DC970C58104602ED274DACAFD784, 38377570346385E9035568694638719475607B62968C5E3D0D9CBCDD04A5BD52 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
08:16:11.0759 0x0714 RSUSBSTOR - ok
08:16:11.0809 0x0714 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A, 9F6CFBE7E64A63E0AFEF546C4B8D889657B2055CE80279EA1B63EB5650E730F8 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:16:11.0829 0x0714 RTL8167 - ok
08:16:11.0847 0x0714 RtsUIR - ok
08:16:11.0862 0x0714 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
08:16:11.0880 0x0714 SamSs - ok
08:16:11.0903 0x0714 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:16:11.0919 0x0714 sbp2port - ok
08:16:12.0019 0x0714 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:16:12.0101 0x0714 SCardSvr - ok
08:16:12.0249 0x0714 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:16:12.0350 0x0714 scfilter - ok
08:16:12.0708 0x0714 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
08:16:12.0815 0x0714 Schedule - ok
08:16:12.0848 0x0714 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:16:12.0891 0x0714 SCPolicySvc - ok
08:16:12.0970 0x0714 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:16:13.0051 0x0714 SDRSVC - ok
08:16:13.0088 0x0714 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:16:13.0163 0x0714 secdrv - ok
08:16:13.0192 0x0714 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
08:16:13.0271 0x0714 seclogon - ok
08:16:13.0308 0x0714 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
08:16:13.0405 0x0714 SENS - ok
08:16:13.0461 0x0714 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:16:13.0504 0x0714 SensrSvc - ok
08:16:13.0551 0x0714 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
08:16:13.0585 0x0714 Serenum - ok
08:16:13.0627 0x0714 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
08:16:13.0664 0x0714 Serial - ok
08:16:13.0723 0x0714 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:16:13.0757 0x0714 sermouse - ok
08:16:13.0815 0x0714 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
08:16:13.0884 0x0714 SessionEnv - ok
08:16:13.0912 0x0714 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:16:13.0935 0x0714 sffdisk - ok
08:16:14.0055 0x0714 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:16:14.0121 0x0714 sffp_mmc - ok
08:16:14.0158 0x0714 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:16:14.0217 0x0714 sffp_sd - ok
08:16:14.0277 0x0714 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:16:14.0360 0x0714 sfloppy - ok
08:16:14.0434 0x0714 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
08:16:14.0479 0x0714 Sftfs - ok
08:16:14.0618 0x0714 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:16:14.0662 0x0714 sftlist - ok
08:16:14.0703 0x0714 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:16:14.0721 0x0714 Sftplay - ok
08:16:14.0745 0x0714 [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:16:14.0757 0x0714 Sftredir - ok
08:16:14.0789 0x0714 [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
08:16:14.0803 0x0714 Sftvol - ok
08:16:14.0909 0x0714 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:16:14.0927 0x0714 sftvsa - ok
08:16:15.0002 0x0714 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:16:15.0076 0x0714 SharedAccess - ok
08:16:15.0156 0x0714 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:16:15.0264 0x0714 ShellHWDetection - ok
08:16:15.0328 0x0714 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:16:15.0342 0x0714 SiSRaid2 - ok
08:16:15.0405 0x0714 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:16:15.0422 0x0714 SiSRaid4 - ok
08:16:15.0483 0x0714 [ 8C4F0DCC6A5100D48F9B2F950CDD220F, 7B66C259BEBFEA527BFEC2B69E8224EE2277CB736EF9E0F5A92C932657EC8351 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:16:15.0498 0x0714 SkypeUpdate - ok
08:16:15.0529 0x0714 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:16:15.0598 0x0714 Smb - ok
08:16:15.0664 0x0714 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:16:15.0681 0x0714 SNMPTRAP - ok
08:16:15.0721 0x0714 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
08:16:15.0733 0x0714 spldr - ok
08:16:15.0862 0x0714 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
08:16:15.0994 0x0714 Spooler - ok
08:16:16.0595 0x0714 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
08:16:16.0895 0x0714 sppsvc - ok
08:16:16.0955 0x0714 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:16:17.0026 0x0714 sppuinotify - ok
08:16:17.0134 0x0714 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:16:17.0215 0x0714 srv - ok
08:16:17.0288 0x0714 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:16:17.0362 0x0714 srv2 - ok
08:16:17.0397 0x0714 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:16:17.0418 0x0714 srvnet - ok
08:16:17.0463 0x0714 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:16:17.0548 0x0714 SSDPSRV - ok
08:16:17.0578 0x0714 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:16:17.0675 0x0714 SstpSvc - ok
08:16:17.0696 0x0714 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:16:17.0731 0x0714 stexstor - ok
08:16:17.0783 0x0714 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
08:16:17.0860 0x0714 stisvc - ok
08:16:17.0898 0x0714 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:16:17.0911 0x0714 swenum - ok
08:16:18.0136 0x0714 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
08:16:18.0232 0x0714 swprv - ok
08:16:18.0319 0x0714 [ 2F827BB08CC7F1A17DF2EAD7B424D731, A4F58318A3439A734425C95A2ABC6D7A8B816BD8563DF272EBB5B7420A7D99BE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
08:16:18.0337 0x0714 SynTP - ok
08:16:18.0898 0x0714 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
08:16:19.0106 0x0714 SysMain - ok
08:16:19.0197 0x0714 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:16:19.0241 0x0714 TabletInputService - ok
08:16:19.0278 0x0714 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
08:16:19.0375 0x0714 TapiSrv - ok
08:16:19.0409 0x0714 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
08:16:19.0471 0x0714 TBS - ok
08:16:19.0645 0x0714 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:16:19.0739 0x0714 Tcpip - ok
08:16:19.0848 0x0714 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:16:19.0917 0x0714 TCPIP6 - ok
08:16:19.0951 0x0714 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:16:20.0003 0x0714 tcpipreg - ok
08:16:20.0046 0x0714 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:16:20.0092 0x0714 TDPIPE - ok
08:16:20.0204 0x0714 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:16:20.0255 0x0714 TDTCP - ok
08:16:20.0297 0x0714 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:16:20.0420 0x0714 tdx - ok
08:16:20.0465 0x0714 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:16:20.0486 0x0714 TermDD - ok
08:16:20.0714 0x0714 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
08:16:20.0805 0x0714 TermService - ok
08:16:20.0850 0x0714 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
08:16:20.0924 0x0714 Themes - ok
08:16:21.0043 0x0714 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
08:16:21.0087 0x0714 THREADORDER - ok
08:16:21.0154 0x0714 [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys
08:16:21.0186 0x0714 TPM - ok
08:16:21.0225 0x0714 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
08:16:21.0295 0x0714 TrkWks - ok
08:16:21.0424 0x0714 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:16:21.0477 0x0714 TrustedInstaller - ok
08:16:21.0531 0x0714 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:16:21.0610 0x0714 tssecsrv - ok
08:16:21.0685 0x0714 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:16:21.0723 0x0714 TsUsbFlt - ok
08:16:21.0792 0x0714 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
08:16:21.0832 0x0714 TsUsbGD - ok
08:16:21.0990 0x0714 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:16:22.0060 0x0714 tunnel - ok
08:16:22.0124 0x0714 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:16:22.0137 0x0714 uagp35 - ok
08:16:22.0241 0x0714 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:16:22.0355 0x0714 udfs - ok
08:16:22.0381 0x0714 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:16:22.0400 0x0714 UI0Detect - ok
08:16:22.0424 0x0714 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:16:22.0441 0x0714 uliagpkx - ok
08:16:22.0475 0x0714 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:16:22.0510 0x0714 umbus - ok
08:16:22.0542 0x0714 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
08:16:22.0597 0x0714 UmPass - ok
08:16:23.0091 0x0714 [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
08:16:23.0256 0x0714 UNS - detected UnsignedFile.Multi.Generic ( 1 )
08:16:33.0384 0x0714 UNS ( UnsignedFile.Multi.Generic ) - warning
08:16:38.0204 0x0714 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
08:16:38.0341 0x0714 upnphost - ok
08:16:38.0490 0x0714 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:16:38.0558 0x0714 usbaudio - ok
08:16:38.0605 0x0714 [ ACCEA6BC68D0C9A78EB97EE159028B4E, 132F7A543C1DA9456FBABA50552B37E3162ACA612A8567BB3FF0F7DA84231419 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:16:38.0632 0x0714 usbccgp - ok
08:16:38.0637 0x0714 USBCCID - ok
08:16:38.0668 0x0714 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:16:38.0714 0x0714 usbcir - ok
08:16:38.0756 0x0714 [ 311C1DD1088E55BEAE15954D17F50646, A663344ABD1414D570617F59CC00020640F31DB34265142EFCA8817328DB842A ] usbehci C:\Windows\system32\drivers\usbehci.sys
08:16:38.0788 0x0714 usbehci - ok
08:16:39.0005 0x0714 [ 280E90CBF4B2DDD169F0728CB44D726F, 2B39666C022A4F7338BDDB4CB0D7B4D0CC6B398298D29E38826F27FADF4C29DD ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:16:39.0078 0x0714 usbhub - ok
08:16:39.0125 0x0714 [ 9406D801042FAF859CF81B2C886413DC, D16536EC05260D7A2902314E1AA5E5F73533483B9967739C381FD41B6192B92F ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:16:39.0173 0x0714 usbohci - ok
08:16:39.0213 0x0714 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:16:39.0245 0x0714 usbprint - ok
08:16:39.0296 0x0714 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
08:16:39.0342 0x0714 usbscan - ok
08:16:39.0402 0x0714 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:16:39.0492 0x0714 USBSTOR - ok
08:16:39.0670 0x0714 [ A83D0EC9AE4C31704442099D40BA2471, A29D714FCDF10DF7A2A17D54B131AEFDA61AED988CF8B99C7B30728C50130DCE ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:16:39.0776 0x0714 usbuhci - ok
08:16:39.0829 0x0714 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
08:16:39.0904 0x0714 usbvideo - ok
08:16:39.0964 0x0714 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
08:16:40.0097 0x0714 UxSms - ok
08:16:40.0127 0x0714 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
08:16:40.0160 0x0714 VaultSvc - ok
08:16:40.0261 0x0714 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:16:40.0290 0x0714 vdrvroot - ok
08:16:40.0342 0x0714 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
08:16:40.0493 0x0714 vds - ok
08:16:40.0613 0x0714 [ D9656445499625B0ED88C0B203F3C16F, D8F9BD924A7200A09C2866C9FB39FE000CCC9F96DA4336903A5EDFF1D33E6627 ] VFPRadioSupportService C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
08:16:40.0643 0x0714 VFPRadioSupportService - ok
08:16:40.0676 0x0714 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:16:40.0711 0x0714 vga - ok
08:16:40.0743 0x0714 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
08:16:40.0827 0x0714 VgaSave - ok
08:16:41.0078 0x0714 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:16:41.0118 0x0714 vhdmp - ok
08:16:41.0307 0x0714 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
08:16:41.0358 0x0714 viaide - ok
08:16:41.0439 0x0714 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:16:41.0512 0x0714 volmgr - ok
08:16:41.0720 0x0714 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:16:41.0778 0x0714 volmgrx - ok
08:16:41.0820 0x0714 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:16:41.0868 0x0714 volsnap - ok
08:16:41.0936 0x0714 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:16:41.0984 0x0714 vsmraid - ok
08:16:42.0088 0x0714 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
08:16:42.0229 0x0714 VSS - ok
08:16:42.0408 0x0714 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:16:42.0475 0x0714 vwifibus - ok
08:16:42.0551 0x0714 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:16:42.0615 0x0714 vwififlt - ok
08:16:42.0652 0x0714 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
08:16:42.0693 0x0714 vwifimp - ok
08:16:42.0744 0x0714 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
08:16:42.0855 0x0714 W32Time - ok
08:16:42.0884 0x0714 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:16:42.0935 0x0714 WacomPen - ok
08:16:43.0003 0x0714 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:16:43.0100 0x0714 WANARP - ok
08:16:43.0167 0x0714 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:16:43.0244 0x0714 Wanarpv6 - ok
08:16:43.0939 0x0714 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:16:44.0064 0x0714 WatAdminSvc - ok
08:16:44.0635 0x0714 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
08:16:44.0801 0x0714 wbengine - ok
08:16:44.0832 0x0714 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:16:44.0884 0x0714 WbioSrvc - ok
08:16:44.0952 0x0714 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:16:45.0112 0x0714 wcncsvc - ok
08:16:45.0140 0x0714 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:16:45.0191 0x0714 WcsPlugInService - ok
08:16:45.0242 0x0714 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
08:16:45.0269 0x0714 Wd - ok
08:16:45.0372 0x0714 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:16:45.0434 0x0714 Wdf01000 - ok
08:16:45.0460 0x0714 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:16:45.0504 0x0714 WdiServiceHost - ok
08:16:45.0509 0x0714 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:16:45.0537 0x0714 WdiSystemHost - ok
08:16:45.0640 0x0714 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
08:16:45.0716 0x0714 WebClient - ok
08:16:45.0855 0x0714 [ D5BA7D43FA2EF656BF7E98A188391E40, 56CF132B7C43A0F9C7C4D070730315FE7AFD2E87E94014DFC3D7107BB52B9C64 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:16:45.0898 0x0714 Wecsvc - ok
08:16:45.0971 0x0714 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:16:46.0055 0x0714 wercplsupport - ok
08:16:46.0090 0x0714 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
08:16:46.0139 0x0714 WerSvc - ok
08:16:46.0185 0x0714 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:16:46.0268 0x0714 WfpLwf - ok
08:16:46.0305 0x0714 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:16:46.0335 0x0714 WIMMount - ok
08:16:46.0403 0x0714 WinDefend - ok
08:16:46.0449 0x0714 WinHttpAutoProxySvc - ok
08:16:46.0511 0x0714 [ 136760C1E9697BAF4ECDEAE5590A0806, 12E80D0923D794F4C520FEA7CB98EF581231B996FB1876EB20995E6E457EFF56 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:16:46.0573 0x0714 Winmgmt - ok
08:16:46.0870 0x0714 [ 3BB6B401A780BF434C8F58137DE10BF7, 1A377C39B78B92A1A1FED699EE5E5ED0271A6FFAC143F1D29FC1FDF4D726A522 ] WinRM C:\Windows\system32\WsmSvc.dll
08:16:47.0064 0x0714 WinRM - ok
08:16:47.0126 0x0714 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:16:47.0183 0x0714 WinUsb - ok
08:16:47.0279 0x0714 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:16:47.0440 0x0714 Wlansvc - ok
08:16:47.0497 0x0714 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:16:47.0523 0x0714 wlcrasvc - ok
08:16:47.0819 0x0714 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:16:47.0901 0x0714 wlidsvc - ok
08:16:47.0977 0x0714 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:16:48.0035 0x0714 WmiAcpi - ok
08:16:48.0120 0x0714 [ 4DF841632B62A7CF19A79A05046A8AB1, D80F28FD7FEB95DB83976EAFECB2E9AE1423DA4D34EC5D820FC39A33444B82DA ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:16:48.0181 0x0714 wmiApSrv - ok
08:16:48.0235 0x0714 WMPNetworkSvc - ok
08:16:48.0268 0x0714 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:16:48.0300 0x0714 WPCSvc - ok
08:16:48.0337 0x0714 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:16:48.0378 0x0714 WPDBusEnum - ok
08:16:48.0468 0x0714 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:16:48.0573 0x0714 ws2ifsl - ok
08:16:48.0623 0x0714 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
08:16:48.0694 0x0714 wscsvc - ok
08:16:48.0699 0x0714 WSearch - ok
08:16:49.0163 0x0714 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
08:16:49.0352 0x0714 wuauserv - ok
08:16:49.0541 0x0714 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:16:49.0621 0x0714 WudfPf - ok
08:16:49.0752 0x0714 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:16:49.0810 0x0714 WUDFRd - ok
08:16:49.0875 0x0714 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:16:49.0959 0x0714 wudfsvc - ok
08:16:50.0044 0x0714 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
08:16:50.0089 0x0714 WwanSvc - ok
08:16:50.0150 0x0714 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
08:16:50.0201 0x0714 xusb21 - ok
08:16:50.0245 0x0714 ================ Scan global ===============================
08:16:50.0290 0x0714 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
08:16:50.0325 0x0714 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:16:50.0358 0x0714 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:16:50.0413 0x0714 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:16:50.0465 0x0714 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
08:16:50.0508 0x0714 [ Global ] - ok
08:16:50.0509 0x0714 ================ Scan MBR ==================================
08:16:50.0530 0x0714 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:16:54.0129 0x0714 \Device\Harddisk0\DR0 - ok
08:16:54.0130 0x0714 ================ Scan VBR ==================================
08:16:54.0151 0x0714 [ E7F895AB43B0F6F01930006396FF9612 ] \Device\Harddisk0\DR0\Partition1
08:16:54.0156 0x0714 \Device\Harddisk0\DR0\Partition1 - ok
08:16:54.0157 0x0714 Waiting for KSN requests completion. In queue: 65
08:16:55.0230 0x0714 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2011.263 ), 0x41000 ( enabled : updated )
08:16:55.0258 0x0714 Win FW state via NFP2: enabled
08:16:57.0967 0x0714 ============================================================
08:16:57.0967 0x0714 Scan finished
08:16:57.0967 0x0714 ============================================================
08:16:57.0981 0x10cc Detected object count: 1
08:16:57.0981 0x10cc Actual detected object count: 1
08:17:43.0975 0x10cc UNS ( UnsignedFile.Multi.Generic ) - skipped by user
08:17:43.0975 0x10cc UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:25:20.0592 0x04f0 Deinitialize success
  • 0

#53
godawgs
Posted 08 January 2014 - 10:10 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

What TDSSKiller found was just an unsigned file. No evidence of a TDL rootkit. So I don't see any evidence of malware left on the system, but sadly I am out of ideas as to why the wireless adapter comes and goes.
We are going to clean up the tools we used and the logs they generated. After that If you want to start a topic in the Networking forum click here. After you have given a brief expanation of the problem please add that you have been to the malware removal forum and given a clean bill of health. And add a link to this topic so they can see what we have tried.
Then send me a PM letting me know that you have started the topic there and I will ask some of our Techs to look at it.


OK! Well done. :thumbsup: Here is the best part of the process! Your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ESET

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (86)\ESET

2. Close Windows Explorer.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes
Posted Image

Step-3.

Uninstall ComboFix
  • Click the Start Orb and click Run. This will display the Run dialogue box .
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled
Step-4.

OTL Cleanup

1. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-5.

Delete the following Files and Folders (If Present):

MBR.dat
ListChkdskResult,exe
ListChkdskResult.txt
esetsmartinstaller_enu.exe (If you used Firefox to do the scan)
fixlist.txt

Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-6.

Reset Hidden Files and Folders

1. Click the Start Orb and click Computer.
2. In the Menu bar at the top click the Tools menu and click Folder Oprtions...
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Step-7.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advance System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • Windows Vista: In the Available Disks box put a ckeck mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
    Windows 7/8: In the Protection Settings section, make sure the protection for the System drive is ON. If it isn't, click the Configure button and turn it on.

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name fo the restore point, i.e: Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel
Now we can purge the old Restore Points
  • Click Start(Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and Paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
    Posted Image
  • Click Files from all users on this computer

    A Drive Selection popup will open
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    Posted Image
    If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
  • Select the system drive, C:\ and click OK.
  • For a few moments the system will make some calculations
    Posted Image
  • The Disk Cleanup Window will open:
    Posted Image
  • Click the More Options tab.
    NOTE: If there isn't a More Options button then click the Clean up system files button at the bottom of the window. Disk Cleanup will reload and the More Options button should be visible.
  • Click the Clean up button under the System Restore and Shadow Copies section. (See screenshot below)
    Posted Image
  • In the Disk Cleanup dialog box, click Delete (See screenshot below).
    Posted Image
  • You will get a Disk Cleanup confirmation (See screenshot below)
    Posted Image
  • Click Delete Files, and then click OK.


Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically(recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

This webpage is worth bookmarking/reading for future reference:
Securing Your Web Browser

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File:
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
NOTE: Please read all of the information on the MVP Hosts page before you install the HOSTS file. This file will may result in some of the web sites you visit not working as expected or not at all. There are work arounds for this but you will need to read about them on the web page. If you install the MVP HOSTS file and decide you don't want it you can replace it with the HOSTS file that you were using before. The web page has directions for this.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.
SPECIAL NOTICE

“CryptoLocker” is the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts the files on your computer until you pay a ransom. Some variants encrypt you personal files(MP3s, photos, doc files,ect;). But ither variants encrypy virtually every file, including system files. According to reports from security firms, CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.
Unfortunately, there isn't a way to recover the files short of paying the ransom because the encryption uses 2048-bit RSA keys that would take like a quadrillion years to decrypt.
We haven't seen a lot of the CryptoLocker ransomeware in the wild yet, but if enough people pay the ransom to get their files back it will become more prevelant. You can read more about the CryptoLocker ransomware here

Fortunately there is a program that will help prevent this type of ransomeware and other malware. You should download it and install it now.
Click here to go to the CryptoPrevent web page. You can read about the program. There are also a couple of videos toward the end of the page that show the program in action.
Scroll to the bottom of the page and click the Download "CryptoPrevent Installer" button and download the file to the desktop. Close the browser and all open programs.
Double click the CryptoPreventSetup.exe file to install it.
Right click the CryptoPreventSetup.exe file and click Run as Administrator and OK ant UAC prompts to install the program.
Next, Double click the CryptoPrevent icon on the desktop to run the program.
Next, Right click the Cryptoprevent icon on the desktop and click Run as Administrator and OK any UAC prompt to run the program.

Posted Image

When the program opens make sure all boxes are checked and then click the Block button to apply the protection.

NOTE: I don't think the free version has an update tab so you will need to check the web site from time to time to check for newer versions of the program. Or you can pay a one time fee of $15 and get the Premium Edition which includes an automatic updating function.


It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
========BACKUPS================
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • Tweaking.com's Registry Backup - Download the installer for Registry Backup from the link below and save it to the desktop :
    Link
  • Click one of the Download buttons under Installer
    A tutorial for Registry Backup explaining the various features can be viewed here
========Keep Installed Programs Up to Date========
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

IF I have helped you and you want to say "thanks", you can do that by clicking the Rep+ button at the bottom right of this post. :)

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 1

#54
Jan1959
Posted 08 January 2014 - 03:44 PM

Jan1959

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 255 posts
Thank you very much godawgs,

You have been a great help! It's been very clear that you've spent a lot of time trying to resolve all my problems.

It's ironic that I thought that the wireless internet problem was malware related but it ended up being hardware even though there was malware on the laptop.

I will clean up as you have instructed and I will post the problem to your Tech guys but it's nice to know that the laptop is now free of 'bugs'

Thanks again for all your help and patience!

Cheers! :-)
  • 0

#55
godawgs
Posted 08 January 2014 - 10:50 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You are welcome. I'm sorry I wasn't able to resolve the issue with the wireless adapter. When you get the new topic posted just leave ma a PM with a link to the new topic and I will ask the Techs to take a gander.

If you need us in the future just give us a yell. Stay safe. :geek:
  • 0

Advertisements

#56
godawgs
Posted 09 January 2014 - 12:25 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP