Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware? [Solved]


  • This topic is locked This topic is locked

#1
showup

showup

    Member

  • Member
  • PipPip
  • 10 posts

Hithere: I suspect that my laptop is infected with malware/adware.

It opens several chrome tabs on itself. Although the tabs are blank pages i suspect that it slows the system.

I also found the 'SOE web installer' which i tried to uninstall, But i could not.

 

Here is the OTL.txt output:

=====================

 

OTL logfile created on: 7/30/2014 7:26:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thiyagi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 3.34 Gb Available Physical Memory | 42.30% Memory free
15.81 Gb Paging File | 9.80 Gb Available in Paging File | 61.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 886.32 Gb Total Space | 669.60 Gb Free Space | 75.55% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 21.09 Gb Free Space | 82.79% Space Free | Partition Type: NTFS
 
Computer Name: THIYAGI_LENOVO | User Name: Thiyagi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/30 19:24:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thiyagi\Downloads\OTL.exe
PRC - [2014/07/22 22:28:30 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
PRC - [2014/07/21 17:02:50 | 035,464,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thiyagi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/07/15 05:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/07/02 05:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/06/07 16:30:31 | 000,874,144 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
PRC - [2014/05/27 17:15:44 | 000,118,056 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2014/03/26 11:00:06 | 001,004,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2014/03/26 11:00:06 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2014/02/07 16:51:58 | 000,435,712 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
PRC - [2014/01/07 08:44:00 | 000,148,480 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2013/11/08 16:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/18 23:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2012/05/27 21:28:28 | 001,622,016 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2012/05/21 02:51:24 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012/05/21 02:49:36 | 000,099,680 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2012/03/11 20:59:30 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/28 05:20:02 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/28 05:19:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/28 05:19:46 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/09 14:20:40 | 001,682,536 | ---- | M] (NaturalSoft Co. Ltd.) -- C:\Program Files (x86)\naturalsoft\free10\NaturalReader10.exe
PRC - [2011/12/08 14:12:40 | 000,291,272 | ---- | M] () -- C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
PRC - [2011/11/29 23:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 23:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/10/13 00:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/10/13 00:11:32 | 001,446,264 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2011/08/25 23:43:44 | 000,337,776 | ---- | M] ( ) -- C:\Program Files (x86)\LockKey\LockKey.exe
PRC - [2011/01/29 02:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/11/20 23:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/29 11:41:00 | 000,465,728 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
PRC - [2010/06/15 00:11:48 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe
PRC - [2010/06/15 00:10:00 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfPro5Hook.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/30 10:47:43 | 000,043,008 | ---- | M] () -- c:\Users\Thiyagi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkq3fb3.dll
MOD - [2014/07/22 22:28:30 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
MOD - [2014/07/22 22:26:14 | 004,792,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2014/07/21 16:53:38 | 003,610,624 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/07/15 05:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 05:24:46 | 014,664,008 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
MOD - [2014/07/15 05:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 05:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 05:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 05:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/05/18 16:30:09 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359e693030a92977455667e67fb74267\Microsoft.VisualBasic.ni.dll
MOD - [2014/05/18 16:28:37 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6b81a58601cb555dd9e63bc05557751b\IAStorUtil.ni.dll
MOD - [2014/05/18 16:00:01 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\15c45f1932751583dc3c2d49e5786acd\System.Web.Services.ni.dll
MOD - [2014/05/18 15:59:55 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/18 15:58:55 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/05/18 15:58:42 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll
MOD - [2014/03/05 03:36:11 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/03/04 12:02:42 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/03/04 12:01:57 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/03/04 12:01:21 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/03/03 10:26:12 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/03/03 10:25:46 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/03/03 10:25:46 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/03/03 10:25:43 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/03/03 10:25:35 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/03/03 10:25:34 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/03/03 10:25:32 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/03/03 10:25:32 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/03/03 10:25:29 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/03/03 10:25:28 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/03/03 10:25:27 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/03/03 10:25:17 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/13 08:16:13 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d682d06abf8257c72ce11cefd1d74cf5\CustomMarshalers.ni.dll
MOD - [2014/02/13 07:17:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/13 07:17:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33f1f62a80540af6dba6af268692c041\IAStorCommon.ni.dll
MOD - [2014/02/12 09:28:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 09:28:18 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 09:28:17 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll
MOD - [2014/02/12 09:28:15 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/12 09:28:01 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 09:27:53 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 09:27:48 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 09:27:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 09:27:36 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/07 08:40:42 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll
MOD - [2013/10/18 19:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2012/05/21 02:51:24 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012/05/21 02:49:36 | 000,099,680 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011/12/08 14:12:40 | 000,291,272 | ---- | M] () -- C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
MOD - [2011/09/21 16:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2011/07/18 17:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2011/06/02 16:58:18 | 000,132,448 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011/06/02 16:57:44 | 000,161,120 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 23:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2006/12/04 22:02:22 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\naturalsoft\free10\OpenNLP.dll
MOD - [2006/12/04 22:02:22 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\naturalsoft\free10\SharpEntropy.dll
MOD - [2003/10/21 09:33:12 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\naturalsoft\Paul\lib\voicetext_eng.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/03 01:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/02/01 21:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/12/23 21:51:22 | 000,120,160 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Windows\SysNative\NSDSvc.exe -- (NSDSvc)
SRV:64bit: - [2011/12/08 13:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/08 13:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/08 13:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/08 13:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/12/05 12:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/12/05 11:55:36 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/09 10:16:33 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/02 05:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/05/27 17:15:44 | 000,118,056 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2014/03/26 11:00:06 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013/11/08 16:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/30 15:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/18 23:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2012/05/21 02:51:58 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2012/03/02 17:48:54 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/28 05:20:02 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/28 05:19:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/28 05:19:46 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 23:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/28 11:32:46 | 000,090,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe -- (DLNADB)
SRV - [2010/06/15 00:10:00 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/01 05:08:24 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014/03/26 11:00:02 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014/03/26 11:00:00 | 000,625,248 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/03/26 11:00:00 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014/03/26 11:00:00 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/03/26 11:00:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2014/03/26 11:00:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/08/28 21:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/05/14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2012/08/30 15:14:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/06/01 18:18:04 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/21 02:53:02 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/05/21 02:53:02 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/05/21 02:52:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/05/21 02:52:34 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/04/13 10:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/04/13 10:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2012/03/11 20:59:32 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/11 20:59:32 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/11 20:59:32 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/17 13:28:54 | 014,692,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/01 23:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/02/01 23:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/02/01 23:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/02/01 23:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/02/01 23:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/02/01 23:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/01/27 13:00:28 | 000,109,056 | ---- | M] (Ozmo Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hswpan.sys -- (hswpan)
DRV:64bit: - [2012/01/26 21:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/01/26 21:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/23 20:45:50 | 000,024,160 | ---- | M] (Lenovo Corporation") [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nsd.sys -- (NSD)
DRV:64bit: - [2011/12/22 00:57:42 | 000,059,488 | ---- | M] (Lenovo Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Nsdfltr.sys -- (Nsdfltr)
DRV:64bit: - [2011/12/15 21:04:02 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/06 07:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/05 12:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/12/05 12:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/02 01:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/14 23:12:10 | 000,111,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/11/09 13:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/10 03:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/10 03:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/06 11:28:38 | 008,208,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2011/08/24 22:21:00 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/01/29 02:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009/07/21 17:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://rocket-find.c...=1080624742&ir=
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.c...=1080624742&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...NN_enUS486US486
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.co...NN_enUS486US486
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Program Files\MIE\AlternaTIFF\npatif64.dll (Medical Informatics Engineering, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Thiyagi\AppData\LocalLow\Sony Online Entertainment\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\media.mit.edu/ScratchDevicePlugin: C:\Users\Thiyagi\AppData\Roaming\MITMediaLab\Scratch Device Plugin\1.0.0.0\npScratchDevicePlugin.dll (MIT Media Lab)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 22:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Virtual Account Numbers [2014/05/17 06:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:30 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Translate = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Kaspersky Protection = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa\3.1.0.122_0\
CHR - Extension: YouTube = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: eBay = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\2.0.0_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0\
CHR - Extension: Google News = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: Timer = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd\1.8.0.4_0\
CHR - Extension: Google Calendar = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Finance = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: Craigslist = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdhaeeonmpmichefmfkgnacphnkpdbb\1.3_0\
CHR - Extension: Full Screen Weather = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: AdBlock = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.8_0\
CHR - Extension: AdBlock = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.9_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.4.7.2_0\
CHR - Extension: Yahoo! Mail = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhmflokkipfgcajmajneeebfjhkidlo\2.1_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Scholar search = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoheikkcfcbplmldmgogdooknbbbcnf\1.2_0\
CHR - Extension: Yet Another Google Bookmarks Extension = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnejaepfmacfdmhkplckpfdcjgbeode\2.0.3_0\
CHR - Extension: Instructables All Steps = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdienlhmljjenacnoefndffppmdmdll\2.0_0\
CHR - Extension: Google Play = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: India Rail Info = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgcaihcaldinjhbbkbjhfibpplmfkgik\4.145_0\
CHR - Extension: Picasa Extension (by Google) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhlohbbihddnfcehbijmlnpkafmmkfp\0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: Google Maps = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\
CHR - Extension: Google Play Books = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.10_0\
CHR - Extension: Wikipedia = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjmmmgjohbjkgopkiceapjefmaidibl\1.2_0\
CHR - Extension: QR Code Generator = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanmadekhdoofgmhichkcjlgiofmofbl\1.0.0.5_0\
CHR - Extension: Google Wallet = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll (Nuance Communications, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Dell 1355 MFP Launcher] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe ()
O4 - HKLM..\Run: [Dell 1355 MFP RUN] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe (Dell)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe ()
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe ( )
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RUNUPDATER] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe (Dell Inc.)
O4 - HKLM..\Run: [StatusAutoRun] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe (Dell Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Virtual Account Numbers] C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [eyeBeam SIP Client] C:\Program Files (x86)\CounterPath\eyeBeam 1.5\eyeBeam.exe ()
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_A6887837C6737F3E967A0AC35E152386] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - Startup: C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thiyagi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32E09866-1323-4D2E-9D93-98BE5B42DD29}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{381b7403-ae87-11e3-9b53-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{381b7403-ae87-11e3-9b53-001e101f8924}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5f0bae02-43d5-11e2-b10b-e6aed2964203}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0bae02-43d5-11e2-b10b-e6aed2964203}\Shell\AutoRun\command - "" = Iomega Encryption Utility.exe
O33 - MountPoints2\{db13cbcd-84a0-11e3-875e-446d5785cb5f}\Shell - "" = AutoRun
O33 - MountPoints2\{db13cbcd-84a0-11e3-875e-446d5785cb5f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/30 12:33:49 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/26 12:30:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/07/23 19:31:24 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\AppData\Roaming\RocketUpdater
[2014/07/23 19:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/07/23 19:30:34 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\AppData\Roaming\Systweak
[2014/07/23 17:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TradeStation Archives
[2014/07/23 17:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/07/23 17:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeStation 9.5
[2014/07/23 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TradeStation 9.5
[2014/07/23 17:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014/07/22 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\AppData\Roaming\com.zoosk.Desktop
[2014/07/22 22:28:55 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/07/22 22:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZooskMessenger
[2014/07/22 22:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/07/13 20:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/07/09 13:57:48 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/07/09 13:57:38 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/07/09 13:57:38 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/07/09 13:57:38 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/07 20:14:38 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\AppData\Roaming\MITMediaLab
[2014/07/07 08:31:56 | 000,000,000 | R--D | C] -- C:\Users\Thiyagi\Documents\Scanned Documents
[2014/07/07 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\Documents\Fax
[1 C:\Users\Thiyagi\*.tmp files -> C:\Users\Thiyagi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/30 19:31:07 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Rocket Updater.job
[2014/07/30 19:18:33 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/30 19:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/30 14:31:31 | 000,000,047 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\WB.CFG
[2014/07/30 10:53:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/30 10:53:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/30 10:47:07 | 000,001,010 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2014/07/30 10:46:09 | 000,647,870 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2014/07/30 10:44:13 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/30 10:43:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/30 10:42:52 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/30 10:34:50 | 000,786,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/30 10:34:50 | 000,665,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/30 10:34:50 | 000,123,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/26 05:55:16 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\TradeStation Backup - Monthly.job
[2014/07/23 17:22:41 | 000,002,022 | ---- | M] () -- C:\Users\Thiyagi\Application Data\Microsoft\Internet Explorer\Quick Launch\TradeStation 9.5.lnk
[2014/07/23 17:22:41 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\TradeStation 9.5.lnk
[2014/07/23 15:42:38 | 000,001,069 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/07/23 15:42:17 | 000,001,041 | ---- | M] () -- C:\Users\Thiyagi\Desktop\Dropbox.lnk
[2014/07/23 10:42:41 | 000,467,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/19 07:59:52 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/16 16:43:14 | 000,020,280 | ---- | M] () -- C:\Windows\SysNative\roboot64.exe
[2014/07/13 20:57:24 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/07/10 08:42:19 | 000,002,026 | -H-- | M] () -- C:\Users\Thiyagi\Documents\Default.rdp
[2014/07/09 10:16:32 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/09 10:16:32 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/08 19:33:02 | 003,943,128 | ---- | M] (MetaQuotes Software Corp.) -- C:\Windows\SysNative\MetaViewer64.dll
[2014/07/02 01:29:10 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/02 01:21:20 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/07/02 01:21:12 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/07/02 01:20:42 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[1 C:\Users\Thiyagi\*.tmp files -> C:\Users\Thiyagi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/30 14:31:31 | 000,000,047 | ---- | C] () -- C:\Users\Thiyagi\AppData\Roaming\WB.CFG
[2014/07/23 19:31:24 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\Rocket Updater.job
[2014/07/23 19:30:29 | 000,020,280 | ---- | C] () -- C:\Windows\SysNative\roboot64.exe
[2014/07/23 18:27:37 | 000,000,606 | ---- | C] () -- C:\Windows\tasks\TradeStation Backup - Monthly.job
[2014/07/23 17:22:41 | 000,002,022 | ---- | C] () -- C:\Users\Thiyagi\Application Data\Microsoft\Internet Explorer\Quick Launch\TradeStation 9.5.lnk
[2014/07/23 17:22:41 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\TradeStation 9.5.lnk
[2014/07/22 22:28:55 | 000,001,010 | ---- | C] () -- C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2014/07/22 22:28:46 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZooskMessenger.lnk
[2014/07/13 20:57:24 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/07/13 20:57:24 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/05/13 10:33:07 | 000,000,320 | ---- | C] () -- C:\Users\Thiyagi\AppData\Roaming\SEC2785036.trad
[2014/01/23 22:49:02 | 000,000,218 | ---- | C] () -- C:\Users\Thiyagi\.recently-used.xbel
[2013/12/22 11:44:59 | 000,014,938 | ---- | C] () -- C:\Users\Thiyagi\AppData\Roaming\ekiga.conf
[2013/08/29 19:43:04 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2013/08/18 18:06:51 | 000,000,008 | RH-- | C] () -- C:\Users\Thiyagi\hwid
[2013/04/25 07:50:25 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/04/07 09:22:51 | 000,000,920 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/02/14 09:17:31 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\dlnafJBF.DLL
[2012/07/10 19:25:02 | 000,017,408 | ---- | C] () -- C:\Users\Thiyagi\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
==================
 
Please help. Thank you.

 

 


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hi :) There was another log produced when you ran OTL for the first time called. Extras.txt. It will be located in the same place as where you ran OTL from. In this case here: C:\Users\Thiyagi\Downloads Please post that log in your next reply. Also, please move OTL.exe from the C:\Users\Thiyagi\Downloads directory to your desktop. It runs better from there.

I'm not seeing a lot in the logs, but we'll run some further scans once we get rid of the few items that I do see. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg



:Commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://rocket-find.c...=1080624742&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.c...=1080624742&ir=
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Thiyagi\AppData\LocalLow\Sony Online Entertainment\npsoe.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
[2014/07/23 19:31:24 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\AppData\Roaming\RocketUpdater
[2014/07/23 19:31:24 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\Rocket Updater.job

:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 2: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 4: Fresh OTL Scan
  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.
Things I need to see in your next post:

Extras.txt (From the first OTL scan)

Junkware Removal Tool Log

AdwCleaner Log

OTL Quick Scan Log

  • 0

#3
showup

showup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here are the outputs:

 

Extras.txt (From the first OTL scan)
============================

OTL Extras logfile created on: 7/30/2014 7:26:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thiyagi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 3.34 Gb Available Physical Memory | 42.30% Memory free
15.81 Gb Paging File | 9.80 Gb Available in Paging File | 61.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 886.32 Gb Total Space | 669.60 Gb Free Space | 75.55% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 21.09 Gb Free Space | 82.79% Space Free | Partition Type: NTFS
 
Computer Name: THIYAGI_LENOVO | User Name: Thiyagi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AC58A9F-FC9B-4889-A69F-A785C1F3B1FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0DBF0E77-F0B4-4CD7-AE6E-42C5CAD037F0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{21A50B31-318E-4BB7-BC42-F6205F42A341}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{29F4226C-50DD-42FB-A08F-8134D979197F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2DD37F66-6732-46A3-B61A-26014F00ED1A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{352D8449-9069-40B7-BDE1-47A49B42E56A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39E727BC-995D-4CE1-8770-94353B6450BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E19B0F5-42BF-4489-B865-122FFB0D9F10}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{3F72F3DF-774C-4C13-9873-D75D344977F9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{4D740E77-A0B1-43B5-B977-2E9E52FDAB26}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5974311E-3984-478E-90E2-0673E839F98D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{6C3030F5-B804-4D4B-93F0-70B06B898505}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78029185-E056-48B7-9DBA-069255B2B24D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{796D68D9-8EEC-455C-A804-1CEDC5EAD8CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7B59D1F1-61C3-4966-9032-1712C3C6EE55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7D36A084-F454-41D3-8618-84A3A163C604}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8A961225-7194-4661-8588-2661F5FEDDFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8E62D45E-1974-4D0B-B3E9-D3833862E1F7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A44CBCE5-75EB-4AB8-AC59-FCAA2C4AA9EF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A456A6A2-4606-4521-BB22-D73327B8344D}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{A8B0658D-440C-4E16-A265-55C8CB8F7077}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AE6FFC85-D018-4C02-9777-730A927255B0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B8CBEBB1-DAF6-4A4D-912F-E2CDEA56F914}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C0FF4843-6BA8-48BA-AADD-2A5DD4E013B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C21EC836-54EE-49A2-8563-04CA9467B8D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{CC99F908-B1AB-471E-858D-BA5EFE127454}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CCE5FA19-BFE2-43B3-A037-B60AE68091EA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CF638D95-03B7-4793-84ED-EB93B9F50B23}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D095A106-51A4-4B50-BB24-7FDD5D7EA014}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D2423D27-646E-43B5-952C-D0550ADD131D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3524B27-1D60-4A4E-AF63-CB9B10157329}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D9B5152B-F187-4BC3-ABED-F3B21FEEA8A3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DAF302DF-04A9-4C3D-A3DC-76A700279515}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2F814BB-1FF4-4313-B6BE-51C837E0536D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED724BF4-74E5-451E-B9FE-6EE6D7AA212D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F5F9B03A-2B0E-4151-8F32-D0E08B13682A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016B081F-23D5-4992-A856-D3188E600C0F}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{119D40F8-FE98-43B5-8AE2-E8249A095E1A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{119F1477-A0E9-413B-A6EA-8A059812059C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{15438ED0-463B-4B7C-AE66-641B99EA0F67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1CCE5776-E9C7-4E04-935F-82D7344DB970}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{2AEB34F8-550A-43CF-8158-BD29B0322F3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F2243A8-75C5-4762-A5E3-35DE9CA847C9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{30E0A130-51FD-4417-8EE1-201C2230F76A}" = protocol=58 | dir=in | [email protected],-28545 | 
"{34FBBAEA-31EE-4BF0-AD6F-AC687AE89557}" = protocol=58 | dir=out | [email protected],-28546 | 
"{423CD32B-C0A5-429B-AC1B-DBE5FBF81554}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{46CEBAF9-4A85-487D-BA34-C72F7A754018}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B97338E-21C9-4392-8A60-EA6977628D6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{51F9CFD7-2B0B-4525-B39D-ED556507C1AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{54C81452-4AFA-4FA4-8B31-36635CF17E46}" = protocol=6 | dir=out | app=system | 
"{690CA9D8-176F-42E7-9042-7BC329789B49}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{73C73381-D7A3-4341-9653-B4E15E1F8DC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{744FDFDA-8812-430D-A5BF-D72481794D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{79BC7844-D0A0-49CD-A6FD-0E27A72B3363}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{7D3665EE-E005-4AAB-81DA-B48EE96443B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EB5DE6F-606B-4878-991C-E4F9722ADFD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{920F513D-FC21-4506-9356-22E72C4EEDAE}" = protocol=1 | dir=in | [email protected],-28543 | 
"{9F0A90A5-D539-47F0-93B3-F64A1CBCF6A2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{AB3B1064-1AD0-4A0C-9C5A-0243D0624175}" = protocol=17 | dir=in | app=c:\users\thiyagi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AF4DFD18-5EC9-43D3-A426-4E9BCB45EC66}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B6E49350-491A-4F7B-9DC3-F284FCB2B41C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{BBF843F7-9156-4890-9E17-96321F27C24A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{BF2CA02F-01A7-4C01-827F-0AF45520E9B8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{BFEDBC3E-1D92-4C92-B0C7-090A144FA5F8}" = protocol=6 | dir=in | app=c:\program files\liquidity connection\metatester64.exe | 
"{C5F6973E-AC58-4859-8BA4-D3BD405DDE3B}" = protocol=17 | dir=in | app=c:\users\thiyagi\appdata\roaming\bittorrent\bittorrent.exe | 
"{D0CE126D-9EFB-48B5-8F6A-25D17057D719}" = protocol=1 | dir=out | [email protected],-28544 | 
"{D1F14046-8ED6-4660-8081-5B52166A293E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{D403A0B4-EBFC-4CE7-8A53-F3FF7F3D22B1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6291FF6-B6A3-4308-82A4-30A4AEFB4012}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DDE27DE0-0EB7-4B7D-B6F4-B4C72D8D6028}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E019F3FF-9DC6-4567-B269-E2CAE7D69633}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8463313-1428-49D1-9EE9-DFC34201ED36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EE78A2FE-F9E9-431E-B970-31FA8857B0D6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EF347EDC-144F-4844-8849-E7D34E0D69FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F25F7182-58AF-44D1-AFCC-F885F08B3D13}" = protocol=6 | dir=in | app=c:\users\thiyagi\appdata\roaming\bittorrent\bittorrent.exe | 
"{FA935E5A-67CE-4084-B750-5CBEF345C8EE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FFA8440C-AA45-48A6-BD72-EAB53627FFA8}" = protocol=6 | dir=in | app=c:\users\thiyagi\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{0C09614F-091F-4B95-9463-C9BB695748E1}C:\program files\trade-commander\mtibbridge2\mtibbridge2.exe" = protocol=6 | dir=in | app=c:\program files\trade-commander\mtibbridge2\mtibbridge2.exe | 
"TCP Query User{20BCA64E-312E-4C38-BC95-63BF9F7910DE}C:\program files (x86)\counterpath\eyebeam 1.5\eyebeam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counterpath\eyebeam 1.5\eyebeam.exe | 
"TCP Query User{41801FF5-B8DB-4FF2-BCCD-0A5359C9E159}C:\program files (x86)\ekiga\ekiga\ekiga.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ekiga\ekiga\ekiga.exe | 
"TCP Query User{4A81D80C-F3FA-4CEC-B230-4860E0B7221A}C:\users\thiyagi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thiyagi\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{4D7061E1-DD34-49E9-A0BE-80BB2B905661}C:\program files (x86)\ekiga\ekiga.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe | 
"TCP Query User{749EB083-549E-43B9-B962-D6C9FD59A45B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{76BE58FB-96E1-4EDE-B99E-828D2C321A82}C:\program files (x86)\ekiga\ekiga.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe | 
"TCP Query User{942821ED-ED29-4E0C-A227-81D72BAA1FF2}C:\program files (x86)\r.g. mechanics\prince of persia - the forgotten sands\prince of persia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r.g. mechanics\prince of persia - the forgotten sands\prince of persia.exe | 
"TCP Query User{B56007C2-3F89-4CC6-BC94-68676B23A84F}C:\program files (x86)\counterpath\eyebeam 1.5\eyebeam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counterpath\eyebeam 1.5\eyebeam.exe | 
"TCP Query User{D1031690-C058-4B7B-96ED-C452E2D37C73}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{DD3B4794-DC8D-4381-A673-D6D5FB8DC722}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{EE72B8DD-7571-4519-8DAB-463D7C5CD475}C:\program files\trade-commander\mtibbridge2\mtibbridge2.exe" = protocol=6 | dir=in | app=c:\program files\trade-commander\mtibbridge2\mtibbridge2.exe | 
"TCP Query User{F1157292-6251-42BE-A83C-8B99A2665423}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{0443FA91-F75B-4731-94A3-D8056EDD8CF9}C:\program files\trade-commander\mtibbridge2\mtibbridge2.exe" = protocol=17 | dir=in | app=c:\program files\trade-commander\mtibbridge2\mtibbridge2.exe | 
"UDP Query User{154C7F97-45A4-435A-86BE-704D727611E9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{16ED4D0F-CC7E-4402-80A3-D3618175968A}C:\program files (x86)\r.g. mechanics\prince of persia - the forgotten sands\prince of persia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r.g. mechanics\prince of persia - the forgotten sands\prince of persia.exe | 
"UDP Query User{1F7D56F9-A15E-49D5-B3D0-E0F5B8D92903}C:\program files (x86)\ekiga\ekiga\ekiga.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ekiga\ekiga\ekiga.exe | 
"UDP Query User{1FB24D10-3806-4953-880F-DABBA5976726}C:\users\thiyagi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thiyagi\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{2F3AA12A-DE80-4E1C-82AE-E92B2629D75A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{3CDAAB11-E6F6-4235-87D2-3FA1BFF45225}C:\program files\trade-commander\mtibbridge2\mtibbridge2.exe" = protocol=17 | dir=in | app=c:\program files\trade-commander\mtibbridge2\mtibbridge2.exe | 
"UDP Query User{4C532CC2-B47D-4973-98B7-9FD0725EBEE1}C:\program files (x86)\ekiga\ekiga.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe | 
"UDP Query User{51243572-E4E8-4ED0-8426-EC6B2AF72843}C:\program files (x86)\ekiga\ekiga.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe | 
"UDP Query User{88B212A5-7839-4017-9F9A-F4F1CE54ABA3}C:\program files (x86)\counterpath\eyebeam 1.5\eyebeam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counterpath\eyebeam 1.5\eyebeam.exe | 
"UDP Query User{9EDBE04D-E76B-42A4-88D8-BD570F3970CA}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{AD073F6C-E6C4-4F82-8A72-7104E5C242BA}C:\program files (x86)\counterpath\eyebeam 1.5\eyebeam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counterpath\eyebeam 1.5\eyebeam.exe | 
"UDP Query User{B5CEC2E7-302C-4C16-A457-A99A01F18FF4}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java™ 7 Update 4 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{4169B8AC-D144-4E38-A9CA-637EA44129ED}" = Intel® Wireless Music device driver
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CutePDF Writer Installation" = CutePDF Writer 3.0
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.8.5 (64-bit)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Matlab R2012a" = MATLAB R2012a
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12F88D4F-B525-4F01-BD5E-522D81F049AF}" = PaulVoice
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{332AC836-8F44-4943-95D8-EC9BB6590E89}" = Nuance PaperPort 12
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3AB18A98-082D-41A1-B269-7FA8AD3AA30C}" = Garmin Express Tray
"{3ACA2514-480B-4774-B986-AE4546B00381}" = KateVoice
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}" = Nsd
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6f60b921-2ae3-43fe-a6fb-ad849bd91451}" = Garmin Express
"{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7BDAA30C-451E-4668-8DEA-0E74C699DF90}" = Virtual Account Numbers
"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel® WiDi
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
"{8B8E4A64-D730-4AEE-9048-FB8FA71A27B4}" = MultiCharts Discretionary Trader
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411DC9-B8B8-45F3-B688-073BF4B59094}" = Virtual Account Numbers
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{B3931BE3-3189-4A07-833C-50527AC4F2F4}" = Garmin Express
"{B99690D5-0BD4-403B-98D9-D0E997239454}" = NaturalReaderFree
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CDAC27E7-CCAB-44E2-BDEA-18A51ABEC743}_is1" = Astro-Vision LifeSign Mini version 1.0.1.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{DD677DA4-6AA6-435F-A78A-B28452584048}_is1" = Tickstory Lite version 1.5
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}" = Virtual Account Numbers
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}" = TradeStation 9.5
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E2850224-7D12-62C9-C148-9D7E7AADC47F}" = Zoosk Messenger
"{E6BDB218-A4A7-4312-B3D2-95029B3A5C46}" = Dell 1355cn/1355cnw Color MFP
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC00862A-C16F-4ED0-BC06-34538512E730}" = Nuance PDF Viewer Plus
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E9C364-0DFD-434B-AF0D-3F5D095B3F8F}" = Elevated Installer
"{F3D0350D-185A-457B-B4E8-5C2A57A44638}" = Scratch Device Plugin
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9A113B7-BBB0-4388-9BAB-934C698D7419}" = Virtual Account Numbers
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Arduino" = Arduino
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"Convert Audio Free FLAC to MP3_is1" = Convert Audio Free FLAC to MP3 version 1.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"eyeBeam_is1" = eyeBeam 1.5.7
"Gnaural_is1" = Gnaural ver. 1.0.20110606
"Google Chrome" = Google Chrome
"ImageJ_is1" = ImageJ 1.45s
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{E6BDB218-A4A7-4312-B3D2-95029B3A5C46}" = Dell 1355cn/1355cnw Color MFP
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.8.5 (Full)
"MetaTrader 4" = MetaTrader 4
"MRC - MetaTrader 4" = MRC - MetaTrader 4
"MultiCharts Discretionary Trader" = MultiCharts Discretionary Trader
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"sPhantom Auto Trader" = sPhantom Auto Trader
"TeamViewer 9" = TeamViewer 9
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Dropbox" = Dropbox
"SOE Web Installer" = SOE Web Installer
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
 Code is:0x422.).
 
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
 The Code is:0x424.).
 
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
 Code is:0x422.).
 
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
 The Code is:0x424.).
 
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
 Code is:0x422.).
 
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
 The Code is:0x424.).
 
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
 Code is:0x422.).
 
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
 The Code is:0x424.).
 
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---Get Poicy Open key suc failed with 0, The
 Code is:0x422.).
 
Error - 3/11/2014 11:51:07 PM | Computer Name = Thiyagi_Lenovo | Source = NSDSvc | ID = 131328
Description = An error has occurred (---query POLICYVT key success failed with 0,
 The Code is:0x424.).
 
Error - 3/11/2014 11:54:33 PM | Computer Name = Thiyagi_Lenovo | Source = Application Hang | ID = 1002
Description = The program eyeBeam.exe version 1.5.7.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1730    Start Time:
 01cf3da6810eaea2    Termination Time: 7    Application Path: C:\Program Files (x86)\CounterPath\eyeBeam
 1.5\eyeBeam.exe    Report Id: f28b8413-a999-11e3-8f50-446d5785cb5f  
 
[ System Events ]
Error - 7/30/2014 10:38:08 AM | Computer Name = Thiyagi_Lenovo | Source = DCOM | ID = 10005
Description = 
 
Error - 7/30/2014 10:38:08 AM | Computer Name = Thiyagi_Lenovo | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 7/30/2014 10:38:08 AM | Computer Name = Thiyagi_Lenovo | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 7/30/2014 10:38:08 AM | Computer Name = Thiyagi_Lenovo | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 7/30/2014 10:38:08 AM | Computer Name = Thiyagi_Lenovo | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 7/30/2014 10:38:08 AM | Computer Name = Thiyagi_Lenovo | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 7/30/2014 10:38:08 AM | Computer Name = Thiyagi_Lenovo | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 7/30/2014 10:44:16 AM | Computer Name = Thiyagi_Lenovo | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 7/30/2014 10:44:16 AM | Computer Name = Thiyagi_Lenovo | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 7/30/2014 10:44:59 AM | Computer Name = Thiyagi_Lenovo | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
   %%5
 
 
< End of report >
 

Junkware Removal Tool Log

======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Thiyagi on Sat 08/02/2014 at  7:11:02.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\kt_bho.kettlebho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\kt_bho.kettlebho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\Thiyagi\AppData\Roaming\systweak"
Successfully deleted: [Empty Folder] C:\Users\Thiyagi\appdata\local\{323D2866-4DBB-4046-ABF7-203D98A73752}
Successfully deleted: [Empty Folder] C:\Users\Thiyagi\appdata\local\{FA383959-D071-4AA2-B824-EF893C2F6614}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/02/2014 at  7:26:13.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner Log
=============

# AdwCleaner v3.302 - Report created 02/08/2014 at 07:58:26
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Thiyagi - THIYAGI_LENOVO
# Running from : C:\Users\Thiyagi\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Partner Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Windows\util
File Deleted : C:\Windows\System32\roboot64.exe
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : ASP
Task Deleted : Rocket Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKLM\Software\PIP
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.newscientist.com/search?query={searchTerms}&doSearch=true
 
*************************
 
AdwCleaner[R0].txt - [2548 octets] - [02/08/2014 07:52:52]
AdwCleaner[S0].txt - [2583 octets] - [02/08/2014 07:58:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2643 octets] ##########
 
 
OTL Quick Scan Log
================

OTL logfile created on: 8/2/2014 8:07:43 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thiyagi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 5.05 Gb Available Physical Memory | 63.94% Memory free
15.81 Gb Paging File | 12.34 Gb Available in Paging File | 78.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 886.32 Gb Total Space | 673.41 Gb Free Space | 75.98% Space Free | Partition Type: NTFS
Drive D: | 25.47 Gb Total Space | 21.09 Gb Free Space | 82.79% Space Free | Partition Type: NTFS
 
Computer Name: THIYAGI_LENOVO | User Name: Thiyagi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/30 19:24:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thiyagi\Desktop\OTL.exe
PRC - [2014/07/22 22:28:30 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
PRC - [2014/07/21 17:02:50 | 035,464,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thiyagi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/07/15 05:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/07/02 05:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/06/07 16:30:31 | 000,874,144 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
PRC - [2014/05/27 17:15:44 | 000,118,056 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2014/03/26 11:00:06 | 001,004,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2014/03/26 11:00:06 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2014/02/07 16:51:58 | 000,435,712 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
PRC - [2014/01/07 08:44:00 | 000,148,480 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2013/11/08 16:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/18 23:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2012/05/21 02:51:24 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012/05/21 02:49:36 | 000,099,680 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2012/03/11 20:59:30 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/28 05:20:02 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/28 05:19:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/28 05:19:46 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/12/08 14:12:40 | 000,291,272 | ---- | M] () -- C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
PRC - [2011/11/29 23:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 23:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/10/13 00:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/10/13 00:11:32 | 001,446,264 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2011/08/25 23:43:44 | 000,337,776 | ---- | M] ( ) -- C:\Program Files (x86)\LockKey\LockKey.exe
PRC - [2011/01/29 02:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/11/20 23:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/29 11:41:00 | 000,465,728 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
PRC - [2010/06/15 00:11:48 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe
PRC - [2010/06/15 00:10:00 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfPro5Hook.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/02 08:05:53 | 000,043,008 | ---- | M] () -- c:\Users\Thiyagi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9ll_ps.dll
MOD - [2014/07/22 22:28:30 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
MOD - [2014/07/22 22:26:14 | 004,792,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2014/07/21 16:53:38 | 003,610,624 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/07/15 05:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 05:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 05:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 05:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 05:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/05/18 16:28:37 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6b81a58601cb555dd9e63bc05557751b\IAStorUtil.ni.dll
MOD - [2014/05/18 15:59:55 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/18 15:58:55 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/03/05 03:36:11 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/03/04 12:02:42 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/03/04 12:01:57 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/03/04 12:01:21 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/03/03 10:26:12 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/03/03 10:25:46 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/03/03 10:25:46 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/03/03 10:25:43 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/03/03 10:25:35 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/03/03 10:25:34 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/03/03 10:25:32 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/03/03 10:25:32 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/03/03 10:25:29 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/03/03 10:25:28 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/03/03 10:25:27 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/03/03 10:25:17 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/13 07:17:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33f1f62a80540af6dba6af268692c041\IAStorCommon.ni.dll
MOD - [2014/02/12 09:28:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 09:28:18 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 09:28:01 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 09:27:53 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 09:27:48 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 09:27:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 09:27:36 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/07 08:40:42 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll
MOD - [2013/10/18 19:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2012/05/21 02:51:24 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012/05/21 02:49:36 | 000,099,680 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011/12/08 14:12:40 | 000,291,272 | ---- | M] () -- C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
MOD - [2011/06/02 16:58:18 | 000,132,448 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011/06/02 16:57:44 | 000,161,120 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/31 19:17:48 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/03 01:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/02/01 21:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/12/23 21:51:22 | 000,120,160 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Windows\SysNative\NSDSvc.exe -- (NSDSvc)
SRV:64bit: - [2011/12/08 13:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/08 13:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/08 13:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/08 13:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/12/05 12:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/12/05 11:55:36 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/07/31 19:17:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/09 10:16:33 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/02 05:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/05/27 17:15:44 | 000,118,056 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2014/03/26 11:00:06 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013/11/08 16:14:26 | 000,250,712 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/30 15:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/18 23:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2012/03/02 17:48:54 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/28 05:20:02 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/28 05:19:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/28 05:19:46 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 23:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/28 11:32:46 | 000,090,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe -- (DLNADB)
SRV - [2010/06/15 00:10:00 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/01 05:08:24 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014/03/26 11:00:02 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014/03/26 11:00:00 | 000,625,248 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/03/26 11:00:00 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014/03/26 11:00:00 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/03/26 11:00:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2014/03/26 11:00:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/08/28 21:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/05/14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2012/08/30 15:14:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/06/01 18:18:04 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/21 02:53:02 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/05/21 02:53:02 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/05/21 02:52:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/05/21 02:52:34 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/04/13 10:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/04/13 10:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2012/03/11 20:59:32 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/11 20:59:32 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/11 20:59:32 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/17 13:28:54 | 014,692,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/02/01 23:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/02/01 23:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/02/01 23:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/02/01 23:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/02/01 23:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/02/01 23:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/01/27 13:00:28 | 000,109,056 | ---- | M] (Ozmo Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hswpan.sys -- (hswpan)
DRV:64bit: - [2012/01/26 21:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/01/26 21:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/23 20:45:50 | 000,024,160 | ---- | M] (Lenovo Corporation") [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nsd.sys -- (NSD)
DRV:64bit: - [2011/12/22 00:57:42 | 000,059,488 | ---- | M] (Lenovo Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Nsdfltr.sys -- (Nsdfltr)
DRV:64bit: - [2011/12/15 21:04:02 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/06 07:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/05 12:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/12/05 12:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/02 01:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/11/29 22:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/14 23:12:10 | 000,111,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/11/09 13:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/10 03:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/10 03:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/06 11:28:38 | 008,208,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2011/08/24 22:21:00 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/01/29 02:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009/07/21 17:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...NN_enUS486US486
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Program Files\MIE\AlternaTIFF\npatif64.dll (Medical Informatics Engineering, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\media.mit.edu/ScratchDevicePlugin: C:\Users\Thiyagi\AppData\Roaming\MITMediaLab\Scratch Device Plugin\1.0.0.0\npScratchDevicePlugin.dll (MIT Media Lab)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 22:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Virtual Account Numbers [2014/05/17 06:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/07/29 09:12:30 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Translate = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Kaspersky Protection = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa\3.1.0.122_0\
CHR - Extension: YouTube = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: eBay = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\2.0.0_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0\
CHR - Extension: Google News = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: Timer = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd\1.8.0.4_0\
CHR - Extension: Google Calendar = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Finance = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: Craigslist = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdhaeeonmpmichefmfkgnacphnkpdbb\1.3_0\
CHR - Extension: Full Screen Weather = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: AdBlock = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.9_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.4.7.2_0\
CHR - Extension: Yahoo! Mail = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhmflokkipfgcajmajneeebfjhkidlo\2.1_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Scholar search = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaoheikkcfcbplmldmgogdooknbbbcnf\1.2_0\
CHR - Extension: Yet Another Google Bookmarks Extension = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnejaepfmacfdmhkplckpfdcjgbeode\2.0.3_0\
CHR - Extension: Instructables All Steps = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdienlhmljjenacnoefndffppmdmdll\2.0_0\
CHR - Extension: Google Play = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: India Rail Info = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgcaihcaldinjhbbkbjhfibpplmfkgik\4.145_0\
CHR - Extension: Picasa Extension (by Google) = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhlohbbihddnfcehbijmlnpkafmmkfp\0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: Google Maps = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\
CHR - Extension: Google Play Books = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.10_0\
CHR - Extension: Wikipedia = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjmmmgjohbjkgopkiceapjefmaidibl\1.2_0\
CHR - Extension: QR Code Generator = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanmadekhdoofgmhichkcjlgiofmofbl\1.0.0.5_0\
CHR - Extension: Google Wallet = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0\
 
O1 HOSTS File: ([2014/08/02 06:51:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll (Nuance Communications, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell 1355 MFP Launcher] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe ()
O4 - HKLM..\Run: [Dell 1355 MFP RUN] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe (Dell)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe ()
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe ( )
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RUNUPDATER] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe (Dell Inc.)
O4 - HKLM..\Run: [StatusAutoRun] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe (Dell Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Virtual Account Numbers] C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [eyeBeam SIP Client] C:\Program Files (x86)\CounterPath\eyeBeam 1.5\eyeBeam.exe ()
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_A6887837C6737F3E967A0AC35E152386] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - Startup: C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thiyagi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32E09866-1323-4D2E-9D93-98BE5B42DD29}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{381b7403-ae87-11e3-9b53-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{381b7403-ae87-11e3-9b53-001e101f8924}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5f0bae02-43d5-11e2-b10b-e6aed2964203}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0bae02-43d5-11e2-b10b-e6aed2964203}\Shell\AutoRun\command - "" = Iomega Encryption Utility.exe
O33 - MountPoints2\{db13cbcd-84a0-11e3-875e-446d5785cb5f}\Shell - "" = AutoRun
O33 - MountPoints2\{db13cbcd-84a0-11e3-875e-446d5785cb5f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/02 07:53:32 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/08/02 07:51:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/02 07:11:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/02 06:45:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/02 06:36:04 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Thiyagi\Desktop\JRT.exe
[2014/07/31 19:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/07/31 19:20:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2014/07/31 19:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2014/07/31 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/31 19:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2014/07/30 19:24:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thiyagi\Desktop\OTL.exe
[2014/07/30 12:33:49 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/23 17:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TradeStation Archives
[2014/07/23 17:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeStation 9.5
[2014/07/23 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TradeStation 9.5
[2014/07/23 17:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014/07/22 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\AppData\Roaming\com.zoosk.Desktop
[2014/07/22 22:28:55 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/07/22 22:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZooskMessenger
[2014/07/22 22:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/07/13 20:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/07/07 20:14:38 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\AppData\Roaming\MITMediaLab
[2014/07/07 08:31:56 | 000,000,000 | R--D | C] -- C:\Users\Thiyagi\Documents\Scanned Documents
[2014/07/07 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Thiyagi\Documents\Fax
[1 C:\Users\Thiyagi\*.tmp files -> C:\Users\Thiyagi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/02 08:12:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/02 08:12:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/02 08:07:40 | 000,786,558 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/02 08:07:40 | 000,665,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/02 08:07:40 | 000,123,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/02 08:07:06 | 000,001,010 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2014/08/02 08:03:20 | 000,650,232 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2014/08/02 08:01:48 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/02 08:00:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/02 08:00:38 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/02 07:18:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/02 07:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/02 06:54:14 | 003,061,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/02 06:51:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/08/02 06:39:50 | 001,361,309 | ---- | M] () -- C:\Users\Thiyagi\Desktop\AdwCleaner.exe
[2014/08/02 06:36:20 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Thiyagi\Desktop\JRT.exe
[2014/08/02 00:01:17 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\TradeStation Backup - Monthly.job
[2014/07/30 19:24:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thiyagi\Desktop\OTL.exe
[2014/07/30 14:31:31 | 000,000,047 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\WB.CFG
[2014/07/23 17:22:41 | 000,002,022 | ---- | M] () -- C:\Users\Thiyagi\Application Data\Microsoft\Internet Explorer\Quick Launch\TradeStation 9.5.lnk
[2014/07/23 17:22:41 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\TradeStation 9.5.lnk
[2014/07/23 15:42:38 | 000,001,069 | ---- | M] () -- C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/07/23 15:42:17 | 000,001,041 | ---- | M] () -- C:\Users\Thiyagi\Desktop\Dropbox.lnk
[2014/07/19 07:59:52 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/13 20:57:24 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/07/10 08:42:19 | 000,002,026 | -H-- | M] () -- C:\Users\Thiyagi\Documents\Default.rdp
[2014/07/08 19:33:02 | 003,943,128 | ---- | M] (MetaQuotes Software Corp.) -- C:\Windows\SysNative\MetaViewer64.dll
[1 C:\Users\Thiyagi\*.tmp files -> C:\Users\Thiyagi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/02 06:39:39 | 001,361,309 | ---- | C] () -- C:\Users\Thiyagi\Desktop\AdwCleaner.exe
[2014/07/31 19:29:34 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4 (64 Bit).lnk
[2014/07/31 19:24:40 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[2014/07/31 19:21:20 | 000,001,070 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2014/07/30 14:31:31 | 000,000,047 | ---- | C] () -- C:\Users\Thiyagi\AppData\Roaming\WB.CFG
[2014/07/23 18:27:37 | 000,000,606 | ---- | C] () -- C:\Windows\tasks\TradeStation Backup - Monthly.job
[2014/07/23 17:22:41 | 000,002,022 | ---- | C] () -- C:\Users\Thiyagi\Application Data\Microsoft\Internet Explorer\Quick Launch\TradeStation 9.5.lnk
[2014/07/23 17:22:41 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\TradeStation 9.5.lnk
[2014/07/22 22:28:55 | 000,001,010 | ---- | C] () -- C:\Users\Thiyagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2014/07/22 22:28:46 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZooskMessenger.lnk
[2014/07/13 20:57:24 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/07/13 20:57:24 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/05/13 10:33:07 | 000,000,320 | ---- | C] () -- C:\Users\Thiyagi\AppData\Roaming\SEC2785036.trad
[2014/01/23 22:49:02 | 000,000,218 | ---- | C] () -- C:\Users\Thiyagi\.recently-used.xbel
[2013/12/22 11:44:59 | 000,014,938 | ---- | C] () -- C:\Users\Thiyagi\AppData\Roaming\ekiga.conf
[2013/08/29 19:43:04 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2013/08/18 18:06:51 | 000,000,008 | RH-- | C] () -- C:\Users\Thiyagi\hwid
[2013/04/25 07:50:25 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/04/07 09:22:51 | 000,000,920 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/02/14 09:17:31 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\dlnafJBF.DLL
[2012/07/10 19:25:02 | 000,017,408 | ---- | C] () -- C:\Users\Thiyagi\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/06/01 07:36:06 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\.oit
[2012/06/01 08:19:03 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\Acapela Group
[2012/06/03 07:26:29 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\Arduino
[2014/08/02 06:42:46 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\BitTorrent
[2014/07/22 22:29:01 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\com.zoosk.Desktop
[2014/07/22 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/06/01 18:19:27 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\DAEMON Tools Lite
[2014/08/02 08:06:14 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\Dropbox
[2013/11/09 12:27:03 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\EAInstall
[2012/09/29 11:45:59 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\EndNote
[2013/02/24 09:40:30 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\Garmin
[2013/04/23 22:10:02 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\gtk-2.0
[2014/05/05 09:18:18 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\LifeSignMini
[2013/11/16 11:32:48 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\MetaQuotes
[2014/07/07 20:14:38 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\MITMediaLab
[2012/06/11 07:52:04 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\Notepad++
[2012/12/30 19:04:26 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\Nuance
[2012/12/21 21:41:39 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\ooVoo Details
[2013/09/17 21:49:58 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\OptionsOracle
[2014/05/05 09:18:37 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\Softland
[2013/12/22 10:40:13 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\TeamViewer
[2013/11/16 13:48:02 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\Tickstory
[2014/05/13 10:20:54 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\TradeStation Technologies
[2014/05/08 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Thiyagi\AppData\Roaming\TS Support
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
==============================================================================================================================================
 
Thank you very much for your input and help.
 
Showup

  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thank you very much for your input and help.

Showup



You're quite welcome. :) Those logs look good, let's take a look and make sure we don't have anything more sinister lurking.


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI(graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Things I need to see in your next post

TDSSKiller Log

  • 0

#5
showup

showup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here is the TDSSKiller Log:

 

TDSSKiller Log

=========

 

09:13:34.0450 0x1ff0  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
09:13:50.0728 0x1ff0  ============================================================
09:13:50.0728 0x1ff0  Current date / time: 2014/08/02 09:13:50.0728
09:13:50.0728 0x1ff0  SystemInfo:
09:13:50.0728 0x1ff0  
09:13:50.0729 0x1ff0  OS Version: 6.1.7601 ServicePack: 1.0
09:13:50.0729 0x1ff0  Product type: Workstation
09:13:50.0729 0x1ff0  ComputerName: THIYAGI_LENOVO
09:13:50.0729 0x1ff0  UserName: Thiyagi
09:13:50.0729 0x1ff0  Windows directory: C:\Windows
09:13:50.0729 0x1ff0  System windows directory: C:\Windows
09:13:50.0729 0x1ff0  Running under WOW64
09:13:50.0729 0x1ff0  Processor architecture: Intel x64
09:13:50.0729 0x1ff0  Number of processors: 8
09:13:50.0729 0x1ff0  Page size: 0x1000
09:13:50.0729 0x1ff0  Boot type: Normal boot
09:13:50.0729 0x1ff0  ============================================================
09:13:50.0913 0x1ff0  KLMD registered as C:\Windows\system32\drivers\61291209.sys
09:13:51.0393 0x1ff0  System UUID: {8BF63F8D-AA79-CF5F-7DF3-74F6341A59F6}
09:13:52.0618 0x1ff0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:13:52.0629 0x1ff0  ============================================================
09:13:52.0629 0x1ff0  \Device\Harddisk0\DR0:
09:13:52.0629 0x1ff0  MBR partitions:
09:13:52.0629 0x1ff0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
09:13:52.0629 0x1ff0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x6ECA1800
09:13:52.0629 0x1ff0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6ED06000, BlocksNum 0x32F0000
09:13:52.0629 0x1ff0  ============================================================
09:13:52.0731 0x1ff0  C: <-> \Device\Harddisk0\DR0\Partition2
09:13:52.0776 0x1ff0  D: <-> \Device\Harddisk0\DR0\Partition3
09:13:52.0777 0x1ff0  ============================================================
09:13:52.0777 0x1ff0  Initialize success
09:13:52.0777 0x1ff0  ============================================================
09:14:28.0674 0x1fd4  ============================================================
09:14:28.0674 0x1fd4  Scan started
09:14:28.0674 0x1fd4  Mode: Manual; SigCheck; TDLFS; 
09:14:28.0674 0x1fd4  ============================================================
09:14:28.0674 0x1fd4  KSN ping started
09:14:31.0264 0x1fd4  KSN ping finished: true
09:14:32.0432 0x1fd4  ================ Scan system memory ========================
09:14:32.0432 0x1fd4  System memory - ok
09:14:32.0433 0x1fd4  ================ Scan services =============================
09:14:32.0659 0x1fd4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:14:32.0788 0x1fd4  1394ohci - ok
09:14:32.0828 0x1fd4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:14:32.0938 0x1fd4  ACPI - ok
09:14:32.0967 0x1fd4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:14:33.0009 0x1fd4  AcpiPmi - ok
09:14:33.0060 0x1fd4  [ 5E813B11629007309E4FC0F0FD2B7C30, A8FDC3994D236248B7FAEA572E987C8D5903AF5305E06D624909DE786FA811BA ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
09:14:33.0848 0x1fd4  ACPIVPC - ok
09:14:33.0897 0x1fd4  [ 2F0683FD2DF1D92E891CACA14B45A8C1, B4A8D6A183FA0B7D642FAD6B51C19FEC998481E1C49480D2B391E5D8B55F5BBD ] adfs            C:\Windows\system32\drivers\adfs.sys
09:14:33.0917 0x1fd4  adfs - ok
09:14:34.0077 0x1fd4  [ B1EA9681502EE57F87DB71D726288A5B, D17BD2CFAE72E92C77D183331D5CBA0FEA893BF54875920870E271940F40A8BB ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:14:34.0097 0x1fd4  AdobeARMservice - ok
09:14:34.0235 0x1fd4  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:14:34.0264 0x1fd4  AdobeFlashPlayerUpdateSvc - ok
09:14:34.0324 0x1fd4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:14:34.0366 0x1fd4  adp94xx - ok
09:14:34.0390 0x1fd4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:14:34.0424 0x1fd4  adpahci - ok
09:14:34.0446 0x1fd4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:14:34.0473 0x1fd4  adpu320 - ok
09:14:34.0503 0x1fd4  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:14:34.0575 0x1fd4  AeLookupSvc - ok
09:14:34.0709 0x1fd4  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
09:14:34.0770 0x1fd4  AFD - ok
09:14:34.0803 0x1fd4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:14:34.0824 0x1fd4  agp440 - ok
09:14:34.0846 0x1fd4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:14:34.0896 0x1fd4  ALG - ok
09:14:34.0945 0x1fd4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:14:34.0964 0x1fd4  aliide - ok
09:14:35.0031 0x1fd4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:14:35.0050 0x1fd4  amdide - ok
09:14:35.0058 0x1fd4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:14:35.0097 0x1fd4  AmdK8 - ok
09:14:35.0104 0x1fd4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
09:14:35.0146 0x1fd4  AmdPPM - ok
09:14:35.0184 0x1fd4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:14:35.0208 0x1fd4  amdsata - ok
09:14:35.0235 0x1fd4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
09:14:35.0263 0x1fd4  amdsbs - ok
09:14:35.0284 0x1fd4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:14:35.0303 0x1fd4  amdxata - ok
09:14:35.0339 0x1fd4  [ 449D90F1FB6402773C2F1ECCEAE15F74, D432D3F9D9AD14C70324B13C0A82A5BADC0EA4927B2E49B8BC31A5DEE6440374 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
09:14:35.0380 0x1fd4  AMPPAL - ok
09:14:35.0393 0x1fd4  [ 449D90F1FB6402773C2F1ECCEAE15F74, D432D3F9D9AD14C70324B13C0A82A5BADC0EA4927B2E49B8BC31A5DEE6440374 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
09:14:35.0419 0x1fd4  AMPPALP - ok
09:14:35.0530 0x1fd4  [ AB6E5B9333101E414D8F04BC570064F1, 4BB20C0ECE2C655B8E3A40E8C69A7B6974B73D3585AEDF47A0C52582D17BDAF6 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
09:14:35.0577 0x1fd4  AMPPALR3 - ok
09:14:35.0639 0x1fd4  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
09:14:35.0710 0x1fd4  AppID - ok
09:14:35.0733 0x1fd4  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:14:35.0806 0x1fd4  AppIDSvc - ok
09:14:35.0837 0x1fd4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
09:14:35.0905 0x1fd4  Appinfo - ok
09:14:35.0940 0x1fd4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
09:14:35.0962 0x1fd4  arc - ok
09:14:35.0986 0x1fd4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:14:36.0009 0x1fd4  arcsas - ok
09:14:36.0139 0x1fd4  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:14:36.0164 0x1fd4  aspnet_state - ok
09:14:36.0233 0x1fd4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:14:36.0298 0x1fd4  AsyncMac - ok
09:14:36.0342 0x1fd4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:14:36.0362 0x1fd4  atapi - ok
09:14:36.0451 0x1fd4  [ DAA29FDB8FAA8642ACF74DF4A862E259, 34A3F20F0F1FD572F53C7F6D79C8EEB20776BCA0960768F3F675E25F40800C57 ] atashost        C:\Windows\SysWOW64\atashost.exe
09:14:36.0472 0x1fd4  atashost - ok
09:14:36.0533 0x1fd4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:14:36.0669 0x1fd4  AudioEndpointBuilder - ok
09:14:36.0702 0x1fd4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:14:36.0789 0x1fd4  AudioSrv - ok
09:14:36.0883 0x1fd4  [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
09:14:36.0913 0x1fd4  AVP - ok
09:14:36.0998 0x1fd4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:14:37.0051 0x1fd4  AxInstSV - ok
09:14:37.0106 0x1fd4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
09:14:37.0183 0x1fd4  b06bdrv - ok
09:14:37.0225 0x1fd4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:14:37.0279 0x1fd4  b57nd60a - ok
09:14:37.0339 0x1fd4  [ BC9E4469FE2CE605902D4C8BB09E8236, 13C906DEE487E46037F6DAB82CD65B49CECCA8A7BAC9E1FFD34767AA288A9B76 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
09:14:37.0363 0x1fd4  bcbtums - ok
09:14:37.0472 0x1fd4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:14:37.0516 0x1fd4  BDESVC - ok
09:14:37.0542 0x1fd4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:14:37.0610 0x1fd4  Beep - ok
09:14:37.0716 0x1fd4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
09:14:37.0784 0x1fd4  BFE - ok
09:14:37.0848 0x1fd4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
09:14:37.0958 0x1fd4  BITS - ok
09:14:37.0980 0x1fd4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:14:38.0012 0x1fd4  blbdrive - ok
09:14:38.0047 0x1fd4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:14:38.0085 0x1fd4  bowser - ok
09:14:38.0182 0x1fd4  [ AAA4F992F879977A000FE8B8C730CD2C, A109D3F7CA9D49B98FDA5CA34C60055690F72400CCC96D48076FA86086E4C74D ] BPntDrv         C:\Windows\system32\drivers\BPntDrv.sys
09:14:38.0201 0x1fd4  BPntDrv - ok
09:14:38.0228 0x1fd4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
09:14:38.0255 0x1fd4  BrFiltLo - ok
09:14:38.0265 0x1fd4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
09:14:38.0291 0x1fd4  BrFiltUp - ok
09:14:38.0337 0x1fd4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
09:14:38.0381 0x1fd4  Browser - ok
09:14:38.0416 0x1fd4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\system32\DRIVERS\BrSerId.sys
09:14:38.0481 0x1fd4  Brserid - ok
09:14:38.0542 0x1fd4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:14:38.0585 0x1fd4  BrSerWdm - ok
09:14:38.0633 0x1fd4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:14:38.0668 0x1fd4  BrUsbMdm - ok
09:14:38.0682 0x1fd4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
09:14:38.0712 0x1fd4  BrUsbSer - ok
09:14:38.0765 0x1fd4  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
09:14:38.0838 0x1fd4  BthEnum - ok
09:14:38.0859 0x1fd4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:14:38.0902 0x1fd4  BTHMODEM - ok
09:14:38.0948 0x1fd4  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
09:14:39.0057 0x1fd4  BthPan - ok
09:14:39.0094 0x1fd4  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
09:14:39.0153 0x1fd4  BTHPORT - ok
09:14:39.0200 0x1fd4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
09:14:39.0274 0x1fd4  bthserv - ok
09:14:39.0305 0x1fd4  [ 588762F716C2B7A2054AFBC3D58E5C21, CD44B0200B2E0A81073563BE84ECF9C092F4B5E9DC166A8F0690D6272913CCB7 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
09:14:39.0327 0x1fd4  BTHSSecurityMgr - ok
09:14:39.0338 0x1fd4  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
09:14:39.0374 0x1fd4  BTHUSB - ok
09:14:39.0431 0x1fd4  [ 93F0E54C65EF7FCB56287FA685E4C4B7, FF8644C2F9DC4CDB1BDBD7C25968225769B2DAE7E063BE0FEDCD51809C48CB4D ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
09:14:39.0474 0x1fd4  btwampfl - ok
09:14:39.0495 0x1fd4  [ D1F3C58892C621935947C0261BAEF3C0, AEDAF86A78F615C9124A968568FAA41AA145E6AAE910AB16E370B83BC67BB603 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
09:14:39.0520 0x1fd4  btwaudio - ok
09:14:39.0566 0x1fd4  [ 9C7A3858D87F3A2574C1D326CA6C1461, EA98D1DE3E1BF3BB952FC11511082EC1D398B448C712141B7FC35AFB7E40C4E5 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
09:14:39.0592 0x1fd4  btwavdt - ok
09:14:39.0697 0x1fd4  [ CE6AD9E2874D19069569F03C819B558C, 719326983BC442B416651DB51DD20AA32455B93A79C48B386913296F65B50E6F ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
09:14:39.0752 0x1fd4  btwdins - ok
09:14:39.0791 0x1fd4  [ B1ACFD00CDD13B48D86F46BFEC153BF9, CD7BE27D93364735511CC714B85CB7D97E21E84E3C2361EC405BADAAEA550925 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
09:14:39.0809 0x1fd4  btwl2cap - ok
09:14:39.0827 0x1fd4  [ BB892C59D453E127797F8C5B203678DC, 9ED6E44B1E1050F275BEDE733970F455867147F6EC08CD6522E5AA2F55CB5B71 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
09:14:39.0845 0x1fd4  btwrchid - ok
09:14:40.0019 0x1fd4  [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
09:14:40.0187 0x1fd4  c2cautoupdatesvc - ok
09:14:40.0362 0x1fd4  [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
09:14:40.0463 0x1fd4  c2cpnrsvc - ok
09:14:40.0499 0x1fd4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:14:40.0569 0x1fd4  cdfs - ok
09:14:40.0665 0x1fd4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:14:40.0740 0x1fd4  cdrom - ok
09:14:40.0774 0x1fd4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:14:40.0847 0x1fd4  CertPropSvc - ok
09:14:40.0877 0x1fd4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
09:14:40.0912 0x1fd4  circlass - ok
09:14:40.0941 0x1fd4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
09:14:41.0027 0x1fd4  CLFS - ok
09:14:41.0100 0x1fd4  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:14:41.0183 0x1fd4  clr_optimization_v2.0.50727_32 - ok
09:14:41.0227 0x1fd4  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:14:41.0248 0x1fd4  clr_optimization_v2.0.50727_64 - ok
09:14:41.0379 0x1fd4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:14:41.0406 0x1fd4  clr_optimization_v4.0.30319_32 - ok
09:14:41.0467 0x1fd4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:14:41.0495 0x1fd4  clr_optimization_v4.0.30319_64 - ok
09:14:41.0565 0x1fd4  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
09:14:41.0584 0x1fd4  clwvd - ok
09:14:41.0632 0x1fd4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:14:41.0715 0x1fd4  CmBatt - ok
09:14:41.0744 0x1fd4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:14:41.0764 0x1fd4  cmdide - ok
09:14:41.0820 0x1fd4  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
09:14:41.0882 0x1fd4  CNG - ok
09:14:41.0924 0x1fd4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:14:41.0943 0x1fd4  Compbatt - ok
09:14:41.0989 0x1fd4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
09:14:42.0031 0x1fd4  CompositeBus - ok
09:14:42.0042 0x1fd4  COMSysApp - ok
09:14:42.0146 0x1fd4  [ 9DE2CE0A06DAB38BA03471BFE60493A6, A2A9ADA8EA2A9C2CE368F414DFE0C046FA1FCD7DF870725A757FD99D422838C3 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:14:42.0177 0x1fd4  cphs - ok
09:14:42.0207 0x1fd4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:14:42.0227 0x1fd4  crcdisk - ok
09:14:42.0273 0x1fd4  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:14:42.0314 0x1fd4  CryptSvc - ok
09:14:42.0401 0x1fd4  [ 44BDDEB03C84A1C993C992FFB5700357, 29080E9A434BB2A932783B0B5104BC9E3C514A0FFB387123B75F4F4045E353BC ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
09:14:42.0419 0x1fd4  CVirtA - ok
09:14:42.0535 0x1fd4  [ 66257CB4E4FB69887CDDC71663741435, A072C2868EC3CB773F1C512C9E07D152920794969E302199E8265CFFFD3EFC2D ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
09:14:42.0635 0x1fd4  CVPND - ok
09:14:42.0763 0x1fd4  [ CC8E52DAA9826064BA464DBE531F2BB5, 28150B5DDB4DB42839EBB4F3672EB575373046B1676938111904290DFF6DEC8E ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
09:14:42.0792 0x1fd4  CVPNDRVA - ok
09:14:42.0864 0x1fd4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:14:42.0962 0x1fd4  DcomLaunch - ok
09:14:43.0011 0x1fd4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:14:43.0106 0x1fd4  defragsvc - ok
09:14:43.0131 0x1fd4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:14:43.0201 0x1fd4  DfsC - ok
09:14:43.0242 0x1fd4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:14:43.0295 0x1fd4  Dhcp - ok
09:14:43.0338 0x1fd4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
09:14:43.0452 0x1fd4  discache - ok
09:14:43.0489 0x1fd4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
09:14:43.0510 0x1fd4  Disk - ok
09:14:43.0615 0x1fd4  [ A77C2DF75A947CDD5C1F26039361F48C, 53E24C45C86D6A83E653C19867F2C6BC83E608D1E68BEBE8326982784FFE24D4 ] DLNADB          C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
09:14:43.0633 0x1fd4  DLNADB - ok
09:14:43.0762 0x1fd4  [ 05CB5910B3CA6019FC3CCA815EE06FFB, 8FA532ED500BB1F08E8034A6125BDD53B74D5E6AB0A83A6185B07AAFCD90AA82 ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
09:14:43.0784 0x1fd4  DNE - ok
09:14:43.0831 0x1fd4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:14:43.0874 0x1fd4  Dnscache - ok
09:14:43.0900 0x1fd4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:14:43.0981 0x1fd4  dot3svc - ok
09:14:44.0014 0x1fd4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
09:14:44.0097 0x1fd4  DPS - ok
09:14:44.0166 0x1fd4  [ B5FC9AD4A57CA33C538CE3EB8BEDB1D0, 6F39DA0F6D1068FA1E314CBDF0046879844DA2D745CD159BCF8DA5AC10B75ECC ] DragonSvc       C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
09:14:44.0194 0x1fd4  DragonSvc - ok
09:14:44.0262 0x1fd4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:14:44.0312 0x1fd4  drmkaud - ok
09:14:44.0398 0x1fd4  [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:14:44.0427 0x1fd4  dtsoftbus01 - ok
09:14:44.0527 0x1fd4  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:14:44.0585 0x1fd4  DXGKrnl - ok
09:14:44.0649 0x1fd4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
09:14:44.0729 0x1fd4  EapHost - ok
09:14:44.0909 0x1fd4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
09:14:45.0098 0x1fd4  ebdrv - ok
09:14:45.0135 0x1fd4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
09:14:45.0200 0x1fd4  EFS - ok
09:14:45.0284 0x1fd4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:14:45.0351 0x1fd4  ehRecvr - ok
09:14:45.0367 0x1fd4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
09:14:45.0410 0x1fd4  ehSched - ok
09:14:45.0467 0x1fd4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:14:45.0508 0x1fd4  elxstor - ok
09:14:45.0525 0x1fd4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:14:45.0553 0x1fd4  ErrDev - ok
09:14:45.0656 0x1fd4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:14:45.0792 0x1fd4  EventSystem - ok
09:14:45.0990 0x1fd4  [ 64D25284A4E9D11CA0722AF3F30FD970, C7C40CA8AC444F7B0F88086396C17316348480EBA09109222897B5A42AD655DF ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:14:46.0032 0x1fd4  EvtEng - ok
09:14:46.0056 0x1fd4  ewusbnet - ok
09:14:46.0062 0x1fd4  ew_hwusbdev - ok
09:14:46.0109 0x1fd4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:14:46.0177 0x1fd4  exfat - ok
09:14:46.0203 0x1fd4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:14:46.0281 0x1fd4  fastfat - ok
09:14:46.0347 0x1fd4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
09:14:46.0417 0x1fd4  Fax - ok
09:14:46.0449 0x1fd4  [ 0BDD7984DB7AAFF6DFEFD11D82D473DB, 616B20DD438DA1F18949DD99513889D47A5773E7FD98776B61A2A654733C855E ] fbfmon          C:\Windows\system32\drivers\fbfmon.sys
09:14:46.0468 0x1fd4  fbfmon - ok
09:14:46.0515 0x1fd4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
09:14:46.0550 0x1fd4  fdc - ok
09:14:46.0581 0x1fd4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:14:46.0677 0x1fd4  fdPHost - ok
09:14:46.0692 0x1fd4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:14:46.0766 0x1fd4  FDResPub - ok
09:14:46.0790 0x1fd4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:14:46.0811 0x1fd4  FileInfo - ok
09:14:46.0822 0x1fd4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:14:46.0909 0x1fd4  Filetrace - ok
09:14:47.0024 0x1fd4  [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:14:47.0110 0x1fd4  FLEXnet Licensing Service - ok
09:14:47.0197 0x1fd4  [ 1C3FB052A0BB72EDAED90785C34D6EED, 5300A82D1A79EBA1768F545E73974E3B8CE189AB39CDF905BF42AFA2E497186B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
09:14:47.0266 0x1fd4  FLEXnet Licensing Service 64 - ok
09:14:47.0314 0x1fd4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:14:47.0336 0x1fd4  flpydisk - ok
09:14:47.0369 0x1fd4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:14:47.0399 0x1fd4  FltMgr - ok
09:14:47.0491 0x1fd4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
09:14:47.0614 0x1fd4  FontCache - ok
09:14:47.0722 0x1fd4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:14:47.0740 0x1fd4  FontCache3.0.0.0 - ok
09:14:47.0767 0x1fd4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:14:47.0788 0x1fd4  FsDepends - ok
09:14:47.0832 0x1fd4  [ 6C06701BF1DB05405804D7EB610991CE, 75DEB2204D9AC338ED7C4742BEFAFA0AFC7E42B2C1B54A57DF8A1AD097D9EC3E ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
09:14:47.0849 0x1fd4  fssfltr - ok
09:14:47.0973 0x1fd4  [ 4CE9DAC1518FF7E77BD213E6394B9D77, D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:14:48.0051 0x1fd4  fsssvc - ok
09:14:48.0098 0x1fd4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:14:48.0117 0x1fd4  Fs_Rec - ok
09:14:48.0183 0x1fd4  [ 35FD2BB5131714E657B7AB3A78642854, C24AC6D4E0E76B39625FC9051E092439642C3A10122F712C11A562860703F27A ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
09:14:48.0202 0x1fd4  FTDIBUS - ok
09:14:48.0219 0x1fd4  [ 196C9BDDBEF9B6D0973F398BEF5B2EEE, D4F9C5CED1E33446B45BD2AFFA6E716B4332AF8716477A80437220AC20C6DFE0 ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
09:14:48.0237 0x1fd4  FTSER2K - ok
09:14:48.0283 0x1fd4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:14:48.0316 0x1fd4  fvevol - ok
09:14:48.0347 0x1fd4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:14:48.0368 0x1fd4  gagp30kx - ok
09:14:48.0477 0x1fd4  [ 876D29312C0A297EEE28F3DA30A994E8, 09FD1AA8BA3BD8222CAB1FB915EF673D7A1C1604B0D7E78AB5F3A965D9D94886 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
09:14:48.0503 0x1fd4  Garmin Core Update Service - ok
09:14:48.0576 0x1fd4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:14:48.0672 0x1fd4  gpsvc - ok
09:14:48.0766 0x1fd4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:14:48.0815 0x1fd4  gupdate - ok
09:14:48.0842 0x1fd4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:14:48.0861 0x1fd4  gupdatem - ok
09:14:48.0918 0x1fd4  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:14:48.0943 0x1fd4  gusvc - ok
09:14:48.0978 0x1fd4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:14:49.0015 0x1fd4  hcw85cir - ok
09:14:49.0033 0x1fd4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:14:49.0089 0x1fd4  HdAudAddService - ok
09:14:49.0122 0x1fd4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:14:49.0162 0x1fd4  HDAudBus - ok
09:14:49.0168 0x1fd4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:14:49.0203 0x1fd4  HidBatt - ok
09:14:49.0217 0x1fd4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:14:49.0261 0x1fd4  HidBth - ok
09:14:49.0327 0x1fd4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:14:49.0355 0x1fd4  HidIr - ok
09:14:49.0378 0x1fd4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
09:14:49.0454 0x1fd4  hidserv - ok
09:14:49.0493 0x1fd4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:14:49.0516 0x1fd4  HidUsb - ok
09:14:49.0568 0x1fd4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:14:49.0664 0x1fd4  hkmsvc - ok
09:14:49.0711 0x1fd4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:14:49.0757 0x1fd4  HomeGroupListener - ok
09:14:49.0796 0x1fd4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:14:49.0871 0x1fd4  HomeGroupProvider - ok
09:14:49.0917 0x1fd4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:14:49.0938 0x1fd4  HpSAMD - ok
09:14:49.0973 0x1fd4  [ 436819F9B8B0032791400BD5B4934FAB, B5BEF99DA8F352BED7041052B220EE2AA421FFF8BE9053DAAE20B47D274DE323 ] hswpan          C:\Windows\system32\DRIVERS\hswpan.sys
09:14:49.0999 0x1fd4  hswpan - ok
09:14:50.0081 0x1fd4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:14:50.0185 0x1fd4  HTTP - ok
09:14:50.0203 0x1fd4  huawei_enumerator - ok
09:14:50.0218 0x1fd4  hwdatacard - ok
09:14:50.0245 0x1fd4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:14:50.0265 0x1fd4  hwpolicy - ok
09:14:50.0339 0x1fd4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:14:50.0366 0x1fd4  i8042prt - ok
09:14:50.0420 0x1fd4  [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:14:50.0459 0x1fd4  iaStor - ok
09:14:50.0581 0x1fd4  [ 7D4B9A48430ED57ACA6373B71D5904CA, 6ED72DAA7A4951142F036364E8F237E74246EF3E9EA089448DEF15380DAB0DB3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
09:14:50.0600 0x1fd4  IAStorDataMgrSvc - ok
09:14:50.0698 0x1fd4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:14:50.0734 0x1fd4  iaStorV - ok
09:14:50.0849 0x1fd4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:14:50.0903 0x1fd4  idsvc - ok
09:14:50.0924 0x1fd4  IEEtwCollectorService - ok
09:14:51.0578 0x1fd4  [ 7054941241807E91663A83A38BCE3F0D, 340F724554CCF4F52C1F426A7E3C8B0C4DE73C38DA102AFBD375D0FC8AF31086 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
09:14:52.0526 0x1fd4  igfx - ok
09:14:52.0583 0x1fd4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:14:52.0603 0x1fd4  iirsp - ok
09:14:52.0743 0x1fd4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:14:52.0816 0x1fd4  IKEEXT - ok
09:14:52.0856 0x1fd4  [ CADDF0927DAC63EDAE48F5C35A61D87D, C46006461311B1563C1D149B9D60B202F30147265B9D93069B084D03A09D2BEC ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
09:14:52.0876 0x1fd4  intaud_WaveExtensible - ok
09:14:53.0098 0x1fd4  [ D830262519DDCDFC8BE34EB7047C22DC, A3D41BD7EDBAD0B64245824E920804FB98468E32A649A7983AB3C13C89144D23 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:14:53.0307 0x1fd4  IntcAzAudAddService - ok
09:14:53.0430 0x1fd4  [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
09:14:53.0508 0x1fd4  IntcDAud - ok
09:14:53.0589 0x1fd4  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:14:53.0633 0x1fd4  Intel® Capability Licensing Service Interface - ok
09:14:53.0669 0x1fd4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:14:53.0688 0x1fd4  intelide - ok
09:14:53.0726 0x1fd4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:14:53.0804 0x1fd4  intelppm - ok
09:14:53.0845 0x1fd4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:14:53.0916 0x1fd4  IPBusEnum - ok
09:14:53.0950 0x1fd4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:14:54.0024 0x1fd4  IpFilterDriver - ok
09:14:54.0080 0x1fd4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:14:54.0152 0x1fd4  iphlpsvc - ok
09:14:54.0168 0x1fd4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:14:54.0209 0x1fd4  IPMIDRV - ok
09:14:54.0218 0x1fd4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:14:54.0282 0x1fd4  IPNAT - ok
09:14:54.0303 0x1fd4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:14:54.0349 0x1fd4  IRENUM - ok
09:14:54.0355 0x1fd4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:14:54.0374 0x1fd4  isapnp - ok
09:14:54.0414 0x1fd4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:14:54.0445 0x1fd4  iScsiPrt - ok
09:14:54.0486 0x1fd4  [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
09:14:54.0504 0x1fd4  iusb3hcs - ok
09:14:54.0571 0x1fd4  [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
09:14:54.0604 0x1fd4  iusb3hub - ok
09:14:54.0678 0x1fd4  [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
09:14:54.0727 0x1fd4  iusb3xhc - ok
09:14:54.0767 0x1fd4  [ 716F66336F10885D935B08174DC54242, 1992708956A2A45A8870CFCB532F3ABF24B1143B75EF32AB1F59D5D86E65F493 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
09:14:54.0786 0x1fd4  iwdbus - ok
09:14:54.0898 0x1fd4  [ 09CA717536671E0896E07D239EE6740F, 5E1A4A1490D38DBDF21DD655D2139FC2856F5CAED6A72C4C6E65BF6C01C896CE ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
09:14:54.0922 0x1fd4  jhi_service - ok
09:14:54.0952 0x1fd4  [ DD931496F49CDDF4F0B440455423E162, 333F2631ADD9F8CC72ADE94D280C25BF90927D4A1C0ABA5FED902B392ECC5502 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
09:14:54.0976 0x1fd4  JMCR - ok
09:14:55.0011 0x1fd4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:14:55.0032 0x1fd4  kbdclass - ok
09:14:55.0060 0x1fd4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:14:55.0090 0x1fd4  kbdhid - ok
09:14:55.0129 0x1fd4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
09:14:55.0151 0x1fd4  KeyIso - ok
09:14:55.0221 0x1fd4  [ 795EC29BA21F1D948FD6FD740C00B599, 780900717A812C5DB78C67057010BD62DF2C756C087599A6F8C67CB4EFA7518C ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
09:14:55.0258 0x1fd4  kl1 - ok
09:14:55.0307 0x1fd4  [ D0C3AEF67932D2A80736FBCB956C017D, 166C2FD5F1B6FFE7A71CD821DFDD02B68D25CBF0D44BD6F2522C65CF1DEB363C ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
09:14:55.0330 0x1fd4  klflt - ok
09:14:55.0484 0x1fd4  [ 41DF293A7F0418F5DDED9F0297DC68F3, 25DE4BB7F2D915FCF576ABD46EEDC5574B694A2D1E5CB7AB565792C7BB57C76B ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
09:14:55.0527 0x1fd4  KLIF - ok
09:14:55.0585 0x1fd4  [ 31B69BFF28348503E4BD10C2A4F66D05, 891318C2DDF85E43DFCEE73717AEFCE79BC3DCD83FCD58E6F794AB6BF1739688 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
09:14:55.0604 0x1fd4  KLIM6 - ok
09:14:55.0652 0x1fd4  [ 8DA5BC75C3E8A995335642F26CAEA54B, 3995AAB499A37077AA4FB372E75CD9259BA3EA7020B961CF482AC948D2D47AB4 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
09:14:55.0672 0x1fd4  klkbdflt - ok
09:14:55.0711 0x1fd4  [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
09:14:55.0731 0x1fd4  klmouflt - ok
09:14:55.0773 0x1fd4  [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
09:14:55.0792 0x1fd4  klpd - ok
09:14:55.0841 0x1fd4  [ 4828B3D2BC89B05E07101C6E60CE0A6A, C2D40EA03A526286AEDF27DE80CB0576EB59EB7581C9E9ECFCB867349593D7CE ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
09:14:55.0861 0x1fd4  kltdi - ok
09:14:55.0888 0x1fd4  [ 91BC1C5B00275A4D7FD669EFF0DDEB2A, B745518E1916441A49565478EA77C8DBC784E7B4D9DAD1EA1F648ED1727F413D ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
09:14:55.0914 0x1fd4  kneps - ok
09:14:55.0946 0x1fd4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:14:55.0968 0x1fd4  KSecDD - ok
09:14:56.0004 0x1fd4  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:14:56.0030 0x1fd4  KSecPkg - ok
09:14:56.0066 0x1fd4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:14:56.0135 0x1fd4  ksthunk - ok
09:14:56.0173 0x1fd4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:14:56.0265 0x1fd4  KtmRm - ok
09:14:56.0302 0x1fd4  [ E84DA1A93978B3700EA63414357B9BA3, B6119D23457CDEE2CCEBA433F5427B183387C3C54E9E51B42D7C79D1524727A4 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
09:14:56.0324 0x1fd4  L1C - ok
09:14:56.0363 0x1fd4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:14:56.0443 0x1fd4  LanmanServer - ok
09:14:56.0476 0x1fd4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:14:56.0540 0x1fd4  LanmanWorkstation - ok
09:14:56.0583 0x1fd4  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
09:14:56.0601 0x1fd4  LHDmgr - ok
09:14:56.0649 0x1fd4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:14:56.0727 0x1fd4  lltdio - ok
09:14:56.0772 0x1fd4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:14:56.0859 0x1fd4  lltdsvc - ok
09:14:56.0891 0x1fd4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:14:56.0951 0x1fd4  lmhosts - ok
09:14:56.0999 0x1fd4  [ A60D56228FF3EE7EC1A56A908924680E, A50D75BB87CF4858681720380E9E1EF7FDFE1411E10D856F3E7BBAF3FB1EDDFC ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:14:57.0027 0x1fd4  LMS - ok
09:14:57.0060 0x1fd4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:14:57.0083 0x1fd4  LSI_FC - ok
09:14:57.0092 0x1fd4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:14:57.0115 0x1fd4  LSI_SAS - ok
09:14:57.0122 0x1fd4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
09:14:57.0144 0x1fd4  LSI_SAS2 - ok
09:14:57.0153 0x1fd4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:14:57.0177 0x1fd4  LSI_SCSI - ok
09:14:57.0206 0x1fd4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:14:57.0296 0x1fd4  luafv - ok
09:14:57.0301 0x1fd4  lxcr_device - ok
09:14:57.0324 0x1fd4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:14:57.0360 0x1fd4  Mcx2Svc - ok
09:14:57.0366 0x1fd4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:14:57.0386 0x1fd4  megasas - ok
09:14:57.0417 0x1fd4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
09:14:57.0492 0x1fd4  MegaSR - ok
09:14:57.0530 0x1fd4  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
09:14:57.0550 0x1fd4  MEIx64 - ok
09:14:57.0674 0x1fd4  Microsoft SharePoint Workspace Audit Service - ok
09:14:57.0708 0x1fd4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:14:57.0783 0x1fd4  MMCSS - ok
09:14:57.0797 0x1fd4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:14:57.0862 0x1fd4  Modem - ok
09:14:57.0911 0x1fd4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:14:57.0946 0x1fd4  monitor - ok
09:14:58.0020 0x1fd4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:14:58.0040 0x1fd4  mouclass - ok
09:14:58.0072 0x1fd4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:14:58.0106 0x1fd4  mouhid - ok
09:14:58.0137 0x1fd4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:14:58.0159 0x1fd4  mountmgr - ok
09:14:58.0202 0x1fd4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:14:58.0227 0x1fd4  mpio - ok
09:14:58.0265 0x1fd4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:14:58.0326 0x1fd4  mpsdrv - ok
09:14:58.0385 0x1fd4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:14:58.0492 0x1fd4  MpsSvc - ok
09:14:58.0533 0x1fd4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:14:58.0565 0x1fd4  MRxDAV - ok
09:14:58.0599 0x1fd4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:14:58.0663 0x1fd4  mrxsmb - ok
09:14:58.0687 0x1fd4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:14:58.0722 0x1fd4  mrxsmb10 - ok
09:14:58.0744 0x1fd4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:14:58.0771 0x1fd4  mrxsmb20 - ok
09:14:58.0802 0x1fd4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:14:58.0821 0x1fd4  msahci - ok
09:14:58.0879 0x1fd4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:14:58.0904 0x1fd4  msdsm - ok
09:14:58.0919 0x1fd4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:14:58.0965 0x1fd4  MSDTC - ok
09:14:59.0043 0x1fd4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:14:59.0102 0x1fd4  Msfs - ok
09:14:59.0128 0x1fd4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:14:59.0187 0x1fd4  mshidkmdf - ok
09:14:59.0199 0x1fd4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:14:59.0218 0x1fd4  msisadrv - ok
09:14:59.0242 0x1fd4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:14:59.0309 0x1fd4  MSiSCSI - ok
09:14:59.0314 0x1fd4  msiserver - ok
09:14:59.0338 0x1fd4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:14:59.0405 0x1fd4  MSKSSRV - ok
09:14:59.0502 0x1fd4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:14:59.0560 0x1fd4  MSPCLOCK - ok
09:14:59.0609 0x1fd4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:14:59.0712 0x1fd4  MSPQM - ok
09:14:59.0755 0x1fd4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:14:59.0789 0x1fd4  MsRPC - ok
09:14:59.0808 0x1fd4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:14:59.0828 0x1fd4  mssmbios - ok
09:14:59.0845 0x1fd4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:14:59.0917 0x1fd4  MSTEE - ok
09:14:59.0929 0x1fd4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
09:14:59.0952 0x1fd4  MTConfig - ok
09:14:59.0978 0x1fd4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:14:59.0998 0x1fd4  Mup - ok
09:15:00.0049 0x1fd4  [ E3B58E3011B207C5289D11173B30E298, 68BDF7DE4FD5E38D33DBAD2A2E05E32BABA8BBD85DBC4364AF7CD62C54C6B539 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
09:15:00.0076 0x1fd4  MyWiFiDHCPDNS - ok
09:15:00.0126 0x1fd4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:15:00.0218 0x1fd4  napagent - ok
09:15:00.0310 0x1fd4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:15:00.0370 0x1fd4  NativeWifiP - ok
09:15:00.0449 0x1fd4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:15:00.0510 0x1fd4  NDIS - ok
09:15:00.0529 0x1fd4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:15:00.0588 0x1fd4  NdisCap - ok
09:15:00.0636 0x1fd4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:15:00.0695 0x1fd4  NdisTapi - ok
09:15:00.0717 0x1fd4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:15:00.0784 0x1fd4  Ndisuio - ok
09:15:00.0810 0x1fd4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:15:00.0883 0x1fd4  NdisWan - ok
09:15:00.0917 0x1fd4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:15:00.0975 0x1fd4  NDProxy - ok
09:15:01.0046 0x1fd4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:15:01.0112 0x1fd4  NetBIOS - ok
09:15:01.0134 0x1fd4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:15:01.0202 0x1fd4  NetBT - ok
09:15:01.0220 0x1fd4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
09:15:01.0242 0x1fd4  Netlogon - ok
09:15:01.0280 0x1fd4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:15:01.0373 0x1fd4  Netman - ok
09:15:01.0432 0x1fd4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:15:01.0460 0x1fd4  NetMsmqActivator - ok
09:15:01.0480 0x1fd4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:15:01.0505 0x1fd4  NetPipeActivator - ok
09:15:01.0543 0x1fd4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:15:01.0650 0x1fd4  netprofm - ok
09:15:01.0660 0x1fd4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:15:01.0685 0x1fd4  NetTcpActivator - ok
09:15:01.0694 0x1fd4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:15:01.0720 0x1fd4  NetTcpPortSharing - ok
09:15:02.0234 0x1fd4  [ B51E9AD4F4E4F8DBE0AB882756BC5DAB, 74E975F3BF39B360C466A0CEEEF545D1B814EE1AEFF6B2FCDD81A33FA276FBF3 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
09:15:02.0886 0x1fd4  NETwNs64 - ok
09:15:02.0937 0x1fd4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:15:02.0954 0x1fd4  nfrd960 - ok
09:15:03.0000 0x1fd4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:15:03.0040 0x1fd4  NlaSvc - ok
09:15:03.0093 0x1fd4  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2, 7A3FA5B779CBBED46CA81328951B71352E4FC60153A91965877834EC7C6F0074 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
09:15:03.0132 0x1fd4  nmwcd - ok
09:15:03.0179 0x1fd4  [ 41C1AC1F3613435EB32D67BCB80A5FA5, 93A313BC4A7FA2FC3372CFBF2D76F417007B4A82455092724D3B0B6FA5A88F23 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
09:15:03.0228 0x1fd4  nmwcdc - ok
09:15:03.0254 0x1fd4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:15:03.0313 0x1fd4  Npfs - ok
09:15:03.0342 0x1fd4  [ 686398C3A52EE6588948EAC0C01B126C, 81712D5154535F54E492BA14F3B9140AF3A179D4BED5A1E084F3961275A6B39D ] NSD             C:\Windows\system32\drivers\nsd.sys
09:15:03.0360 0x1fd4  NSD - ok
09:15:03.0378 0x1fd4  [ 2152DC8E58391562C9F07998C6FCCF8C, BE89243A90FC3A3D5A628E6C1DF9CB2B51839C907AD4CE1A30C38D4260FC0DCC ] Nsdfltr         C:\Windows\system32\drivers\Nsdfltr.sys
09:15:03.0397 0x1fd4  Nsdfltr - ok
09:15:03.0417 0x1fd4  [ 486EC2BDC09FBAC5814032D38215010A, 70B1588AAF8897F36D09922BEECD8DBC6B922904B2B0E3EE3F0561624C0DE634 ] NSDSvc          C:\Windows\System32\NSDSvc.exe
09:15:03.0438 0x1fd4  NSDSvc - ok
09:15:03.0488 0x1fd4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
09:15:03.0549 0x1fd4  nsi - ok
09:15:03.0560 0x1fd4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:15:03.0665 0x1fd4  nsiproxy - ok
09:15:03.0763 0x1fd4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:15:03.0855 0x1fd4  Ntfs - ok
09:15:03.0889 0x1fd4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:15:03.0947 0x1fd4  Null - ok
09:15:04.0611 0x1fd4  [ BF7A24A71E1932200D864BC1CE15E596, 59736CE4AC16BADCDDA935F2F7CEC93F6C245C359D699F841260AA817DC65442 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:15:05.0112 0x1fd4  nvlddmkm - ok
09:15:05.0173 0x1fd4  [ 1891184D09E8C16042E57D5373E4268E, 67856E7C491A6C9F90990D45DA407AAAF1F9866F37E7120AF88D6AE2241567EB ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
09:15:05.0191 0x1fd4  nvpciflt - ok
09:15:05.0226 0x1fd4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:15:05.0247 0x1fd4  nvraid - ok
09:15:05.0257 0x1fd4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:15:05.0279 0x1fd4  nvstor - ok
09:15:05.0332 0x1fd4  [ 43F91595049DE14C4B61D1E76436164F, AADBB9C4C47F9CC6A89CD4729C26E5DE3CCF649BCFC540B9D6F4A3DEFB92DA0B ] nvsvc           C:\Windows\system32\nvvsvc.exe
09:15:05.0391 0x1fd4  nvsvc - ok
09:15:05.0491 0x1fd4  [ 322B69422836F97B76F4AA59B47507BA, 9BE48FB784B574466340069DCA86E3BDE5E8357A8079406ABDA9C2CE5AD76111 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:15:05.0601 0x1fd4  nvUpdatusService - ok
09:15:05.0627 0x1fd4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:15:05.0651 0x1fd4  nv_agp - ok
09:15:05.0668 0x1fd4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:15:05.0694 0x1fd4  ohci1394 - ok
09:15:05.0743 0x1fd4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:15:05.0766 0x1fd4  ose - ok
09:15:06.0031 0x1fd4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:15:06.0298 0x1fd4  osppsvc - ok
09:15:06.0358 0x1fd4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:15:06.0398 0x1fd4  p2pimsvc - ok
09:15:06.0443 0x1fd4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:15:06.0487 0x1fd4  p2psvc - ok
09:15:06.0515 0x1fd4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
09:15:06.0542 0x1fd4  Parport - ok
09:15:06.0594 0x1fd4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:15:06.0615 0x1fd4  partmgr - ok
09:15:06.0655 0x1fd4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:15:06.0704 0x1fd4  PcaSvc - ok
09:15:06.0778 0x1fd4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
09:15:06.0805 0x1fd4  pci - ok
09:15:06.0829 0x1fd4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
09:15:06.0847 0x1fd4  pciide - ok
09:15:06.0874 0x1fd4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
09:15:06.0902 0x1fd4  pcmcia - ok
09:15:06.0918 0x1fd4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:15:06.0938 0x1fd4  pcw - ok
09:15:07.0025 0x1fd4  [ 054974057FEEB7B4228D8B6C767C4E0F, DD95AA488FFEEB02FBC5067CDA8DFCEFD1758B374AB9FCA862DA08388E2E1746 ] PDFProFiltSrvPP C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
09:15:07.0046 0x1fd4  PDFProFiltSrvPP - ok
09:15:07.0092 0x1fd4  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:15:07.0195 0x1fd4  PEAUTH - ok
09:15:07.0329 0x1fd4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:15:07.0362 0x1fd4  PerfHost - ok
09:15:07.0454 0x1fd4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
09:15:07.0591 0x1fd4  pla - ok
09:15:07.0699 0x1fd4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:15:07.0758 0x1fd4  PlugPlay - ok
09:15:07.0775 0x1fd4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:15:07.0814 0x1fd4  PNRPAutoReg - ok
09:15:07.0867 0x1fd4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:15:07.0903 0x1fd4  PNRPsvc - ok
09:15:07.0965 0x1fd4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:15:08.0053 0x1fd4  PolicyAgent - ok
09:15:08.0081 0x1fd4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
09:15:08.0159 0x1fd4  Power - ok
09:15:08.0189 0x1fd4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:15:08.0257 0x1fd4  PptpMiniport - ok
09:15:08.0274 0x1fd4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
09:15:08.0306 0x1fd4  Processor - ok
09:15:08.0354 0x1fd4  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:15:08.0388 0x1fd4  ProfSvc - ok
09:15:08.0408 0x1fd4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:15:08.0430 0x1fd4  ProtectedStorage - ok
09:15:08.0453 0x1fd4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:15:08.0526 0x1fd4  Psched - ok
09:15:08.0647 0x1fd4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
09:15:08.0735 0x1fd4  ql2300 - ok
09:15:08.0786 0x1fd4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
09:15:08.0810 0x1fd4  ql40xx - ok
09:15:08.0846 0x1fd4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
09:15:08.0890 0x1fd4  QWAVE - ok
09:15:08.0908 0x1fd4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:15:08.0956 0x1fd4  QWAVEdrv - ok
09:15:08.0976 0x1fd4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:15:09.0034 0x1fd4  RasAcd - ok
09:15:09.0074 0x1fd4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:15:09.0134 0x1fd4  RasAgileVpn - ok
09:15:09.0161 0x1fd4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
09:15:09.0250 0x1fd4  RasAuto - ok
09:15:09.0345 0x1fd4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:15:09.0417 0x1fd4  Rasl2tp - ok
09:15:09.0522 0x1fd4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
09:15:09.0598 0x1fd4  RasMan - ok
09:15:09.0624 0x1fd4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:15:09.0698 0x1fd4  RasPppoe - ok
09:15:09.0715 0x1fd4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:15:09.0783 0x1fd4  RasSstp - ok
09:15:09.0826 0x1fd4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:15:09.0950 0x1fd4  rdbss - ok
09:15:09.0969 0x1fd4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
09:15:10.0007 0x1fd4  rdpbus - ok
09:15:10.0037 0x1fd4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:15:10.0106 0x1fd4  RDPCDD - ok
09:15:10.0120 0x1fd4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:15:10.0189 0x1fd4  RDPENCDD - ok
09:15:10.0220 0x1fd4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:15:10.0278 0x1fd4  RDPREFMP - ok
09:15:10.0318 0x1fd4  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:15:10.0350 0x1fd4  RDPWD - ok
09:15:10.0382 0x1fd4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:15:10.0410 0x1fd4  rdyboost - ok
09:15:10.0478 0x1fd4  [ F3AF2B43F35DBB3A0EB9FEEEC7D62217, 5BFB97BFE94F52CE02DFB2B7E8A9AD34AE489B77BA689F63D733EFB65548D734 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:15:10.0499 0x1fd4  RegSrvc - ok
09:15:10.0532 0x1fd4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:15:10.0611 0x1fd4  RemoteAccess - ok
09:15:10.0669 0x1fd4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:15:10.0750 0x1fd4  RemoteRegistry - ok
09:15:10.0791 0x1fd4  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
09:15:10.0840 0x1fd4  RFCOMM - ok
09:15:10.0867 0x1fd4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:15:10.0972 0x1fd4  RpcEptMapper - ok
09:15:11.0007 0x1fd4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
09:15:11.0032 0x1fd4  RpcLocator - ok
09:15:11.0074 0x1fd4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
09:15:11.0155 0x1fd4  RpcSs - ok
09:15:11.0188 0x1fd4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:15:11.0250 0x1fd4  rspndr - ok
09:15:11.0321 0x1fd4  [ 333224D4D25F9BCCA488E08345083E1C, 368CA50C6791849A029F0E55036D0F2952922D5D17BE3C35D1195C6AFED0D94F ] RTL8187         C:\Windows\system32\DRIVERS\rtl8187.sys
09:15:11.0364 0x1fd4  RTL8187 - ok
09:15:11.0767 0x1fd4  [ C736749AC756503C0F94D94F5BC39B0E, 1CE0D359C377E7557C3B215ED95420286FD64688FD0CF98290CCDFFFCD2C6386 ] rtsuvc          C:\Windows\system32\DRIVERS\rtsuvc.sys
09:15:12.0092 0x1fd4  rtsuvc - ok
09:15:12.0135 0x1fd4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
09:15:12.0154 0x1fd4  SamSs - ok
09:15:12.0173 0x1fd4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:15:12.0193 0x1fd4  sbp2port - ok
09:15:12.0240 0x1fd4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:15:12.0300 0x1fd4  SCardSvr - ok
09:15:12.0329 0x1fd4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:15:12.0391 0x1fd4  scfilter - ok
09:15:12.0449 0x1fd4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
09:15:12.0575 0x1fd4  Schedule - ok
09:15:12.0678 0x1fd4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:15:12.0735 0x1fd4  SCPolicySvc - ok
09:15:12.0766 0x1fd4  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
09:15:12.0807 0x1fd4  sdbus - ok
09:15:12.0834 0x1fd4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:15:12.0880 0x1fd4  SDRSVC - ok
09:15:12.0916 0x1fd4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:15:12.0992 0x1fd4  secdrv - ok
09:15:13.0012 0x1fd4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
09:15:13.0072 0x1fd4  seclogon - ok
09:15:13.0156 0x1fd4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
09:15:13.0230 0x1fd4  SENS - ok
09:15:13.0263 0x1fd4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:15:13.0338 0x1fd4  SensrSvc - ok
09:15:13.0370 0x1fd4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:15:13.0407 0x1fd4  Serenum - ok
09:15:13.0445 0x1fd4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
09:15:13.0525 0x1fd4  Serial - ok
09:15:13.0555 0x1fd4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
09:15:13.0585 0x1fd4  sermouse - ok
09:15:13.0646 0x1fd4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
09:15:13.0769 0x1fd4  SessionEnv - ok
09:15:13.0786 0x1fd4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:15:13.0812 0x1fd4  sffdisk - ok
09:15:13.0828 0x1fd4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:15:13.0863 0x1fd4  sffp_mmc - ok
09:15:13.0878 0x1fd4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:15:13.0904 0x1fd4  sffp_sd - ok
09:15:13.0937 0x1fd4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
09:15:14.0007 0x1fd4  sfloppy - ok
09:15:14.0047 0x1fd4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:15:14.0124 0x1fd4  SharedAccess - ok
09:15:14.0169 0x1fd4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:15:14.0259 0x1fd4  ShellHWDetection - ok
09:15:14.0292 0x1fd4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
09:15:14.0324 0x1fd4  SiSRaid2 - ok
09:15:14.0344 0x1fd4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:15:14.0366 0x1fd4  SiSRaid4 - ok
09:15:14.0436 0x1fd4  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:15:14.0465 0x1fd4  SkypeUpdate - ok
09:15:14.0512 0x1fd4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:15:14.0586 0x1fd4  Smb - ok
09:15:14.0638 0x1fd4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:15:14.0673 0x1fd4  SNMPTRAP - ok
09:15:14.0698 0x1fd4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:15:14.0718 0x1fd4  spldr - ok
09:15:14.0777 0x1fd4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
09:15:14.0830 0x1fd4  Spooler - ok
09:15:15.0001 0x1fd4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
09:15:15.0269 0x1fd4  sppsvc - ok
09:15:15.0291 0x1fd4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:15:15.0354 0x1fd4  sppuinotify - ok
09:15:15.0394 0x1fd4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:15:15.0449 0x1fd4  srv - ok
09:15:15.0491 0x1fd4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:15:15.0559 0x1fd4  srv2 - ok
09:15:15.0580 0x1fd4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:15:15.0609 0x1fd4  srvnet - ok
09:15:15.0645 0x1fd4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:15:15.0732 0x1fd4  SSDPSRV - ok
09:15:15.0752 0x1fd4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:15:15.0877 0x1fd4  SstpSvc - ok
09:15:15.0898 0x1fd4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
09:15:15.0918 0x1fd4  stexstor - ok
09:15:15.0978 0x1fd4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
09:15:16.0040 0x1fd4  stisvc - ok
09:15:16.0071 0x1fd4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:15:16.0090 0x1fd4  swenum - ok
09:15:16.0139 0x1fd4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
09:15:16.0238 0x1fd4  swprv - ok
09:15:16.0288 0x1fd4  [ E6A9BD45EF10EFA2EB2D380A32FBA7B6, 520798E914A0C99E59FBBF05E4DC98A0C6DEEBE3D799CC99DF5456A9E3D7A0A1 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
09:15:16.0323 0x1fd4  SynTP - ok
09:15:16.0413 0x1fd4  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
09:15:16.0545 0x1fd4  SysMain - ok
09:15:16.0598 0x1fd4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:15:16.0662 0x1fd4  TabletInputService - ok
09:15:16.0690 0x1fd4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:15:16.0771 0x1fd4  TapiSrv - ok
09:15:16.0789 0x1fd4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
09:15:16.0852 0x1fd4  TBS - ok
09:15:16.0970 0x1fd4  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:15:17.0073 0x1fd4  Tcpip - ok
09:15:17.0164 0x1fd4  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:15:17.0259 0x1fd4  TCPIP6 - ok
09:15:17.0295 0x1fd4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:15:17.0317 0x1fd4  tcpipreg - ok
09:15:17.0343 0x1fd4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:15:17.0419 0x1fd4  TDPIPE - ok
09:15:17.0441 0x1fd4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:15:17.0472 0x1fd4  TDTCP - ok
09:15:17.0495 0x1fd4  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:15:17.0573 0x1fd4  tdx - ok
09:15:17.0920 0x1fd4  [ 3438EFDC30F7A41D3598ED60BBF6CF2A, 342B8E78DF6B4BA641C5CCB5B1343B363B770681F0794A809728789E3BE56E46 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
09:15:18.0112 0x1fd4  TeamViewer9 - ok
09:15:18.0155 0x1fd4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
09:15:18.0173 0x1fd4  TermDD - ok
09:15:18.0225 0x1fd4  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
09:15:18.0317 0x1fd4  TermService - ok
09:15:18.0341 0x1fd4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
09:15:18.0371 0x1fd4  Themes - ok
09:15:18.0397 0x1fd4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
09:15:18.0449 0x1fd4  THREADORDER - ok
09:15:18.0485 0x1fd4  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
09:15:18.0513 0x1fd4  TPM - ok
09:15:18.0535 0x1fd4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
09:15:18.0662 0x1fd4  TrkWks - ok
09:15:18.0771 0x1fd4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:15:18.0835 0x1fd4  TrustedInstaller - ok
09:15:18.0863 0x1fd4  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:15:18.0899 0x1fd4  tssecsrv - ok
09:15:18.0929 0x1fd4  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:15:18.0953 0x1fd4  TsUsbFlt - ok
09:15:18.0966 0x1fd4  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
09:15:18.0994 0x1fd4  TsUsbGD - ok
09:15:19.0033 0x1fd4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:15:19.0104 0x1fd4  tunnel - ok
09:15:19.0122 0x1fd4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:15:19.0143 0x1fd4  uagp35 - ok
09:15:19.0178 0x1fd4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:15:19.0253 0x1fd4  udfs - ok
09:15:19.0295 0x1fd4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:15:19.0322 0x1fd4  UI0Detect - ok
09:15:19.0351 0x1fd4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:15:19.0372 0x1fd4  uliagpkx - ok
09:15:19.0402 0x1fd4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:15:19.0441 0x1fd4  umbus - ok
09:15:19.0466 0x1fd4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
09:15:19.0541 0x1fd4  UmPass - ok
09:15:19.0628 0x1fd4  [ A0153CC9D28568A10BDAEE5EC612CFC8, C980FBB978545A1DDCA9FAB88CD9468FE1EF39D93272F0BEE13B7625B9787547 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:15:19.0662 0x1fd4  UNS - ok
09:15:19.0703 0x1fd4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
09:15:19.0790 0x1fd4  upnphost - ok
09:15:19.0837 0x1fd4  [ 4E93C8496359E97830C75AC36393654D, D0482257B019512D77484D92E4DEFEFE4FED53CB440ACB7AA879D6FD0574FA9A ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
09:15:19.0918 0x1fd4  upperdev - ok
09:15:19.0957 0x1fd4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:15:20.0001 0x1fd4  usbccgp - ok
09:15:20.0042 0x1fd4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:15:20.0089 0x1fd4  usbcir - ok
09:15:20.0127 0x1fd4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:15:20.0159 0x1fd4  usbehci - ok
09:15:20.0232 0x1fd4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:15:20.0282 0x1fd4  usbhub - ok
09:15:20.0315 0x1fd4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:15:20.0337 0x1fd4  usbohci - ok
09:15:20.0419 0x1fd4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:15:20.0455 0x1fd4  usbprint - ok
09:15:20.0489 0x1fd4  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:15:20.0522 0x1fd4  usbscan - ok
09:15:20.0551 0x1fd4  [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
09:15:20.0581 0x1fd4  usbser - ok
09:15:20.0592 0x1fd4  [ 8844CB19A37B65E27049D4A7786726A9, 4D772174A320F02E2F87BDF8C6EBBFDE04C9763D3C21FE9557DE938521508A59 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
09:15:20.0631 0x1fd4  UsbserFilt - ok
09:15:20.0646 0x1fd4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:15:20.0688 0x1fd4  USBSTOR - ok
09:15:20.0716 0x1fd4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:15:20.0737 0x1fd4  usbuhci - ok
09:15:20.0789 0x1fd4  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:15:20.0829 0x1fd4  usbvideo - ok
09:15:20.0859 0x1fd4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
09:15:20.0967 0x1fd4  UxSms - ok
09:15:20.0989 0x1fd4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
09:15:21.0011 0x1fd4  VaultSvc - ok
09:15:21.0050 0x1fd4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:15:21.0070 0x1fd4  vdrvroot - ok
09:15:21.0132 0x1fd4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
09:15:21.0231 0x1fd4  vds - ok
09:15:21.0253 0x1fd4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:15:21.0280 0x1fd4  vga - ok
09:15:21.0293 0x1fd4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:15:21.0368 0x1fd4  VgaSave - ok
09:15:21.0389 0x1fd4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:15:21.0417 0x1fd4  vhdmp - ok
09:15:21.0439 0x1fd4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:15:21.0458 0x1fd4  viaide - ok
09:15:21.0480 0x1fd4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:15:21.0501 0x1fd4  volmgr - ok
09:15:21.0535 0x1fd4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:15:21.0569 0x1fd4  volmgrx - ok
09:15:21.0592 0x1fd4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:15:21.0624 0x1fd4  volsnap - ok
09:15:21.0654 0x1fd4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:15:21.0679 0x1fd4  vsmraid - ok
09:15:21.0774 0x1fd4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
09:15:21.0924 0x1fd4  VSS - ok
09:15:21.0941 0x1fd4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:15:21.0975 0x1fd4  vwifibus - ok
09:15:22.0004 0x1fd4  [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:15:22.0027 0x1fd4  vwififlt - ok
09:15:22.0072 0x1fd4  [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:15:22.0105 0x1fd4  vwifimp - ok
09:15:22.0158 0x1fd4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
09:15:22.0237 0x1fd4  W32Time - ok
09:15:22.0263 0x1fd4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:15:22.0285 0x1fd4  WacomPen - ok
09:15:22.0359 0x1fd4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:15:22.0434 0x1fd4  WANARP - ok
09:15:22.0444 0x1fd4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:15:22.0502 0x1fd4  Wanarpv6 - ok
09:15:22.0599 0x1fd4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:15:22.0673 0x1fd4  WatAdminSvc - ok
09:15:22.0756 0x1fd4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:15:22.0857 0x1fd4  wbengine - ok
09:15:22.0881 0x1fd4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:15:22.0923 0x1fd4  WbioSrvc - ok
09:15:22.0949 0x1fd4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:15:23.0007 0x1fd4  wcncsvc - ok
09:15:23.0025 0x1fd4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:15:23.0051 0x1fd4  WcsPlugInService - ok
09:15:23.0082 0x1fd4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
09:15:23.0101 0x1fd4  Wd - ok
09:15:23.0215 0x1fd4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:15:23.0272 0x1fd4  Wdf01000 - ok
09:15:23.0305 0x1fd4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:15:23.0353 0x1fd4  WdiServiceHost - ok
09:15:23.0361 0x1fd4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:15:23.0395 0x1fd4  WdiSystemHost - ok
09:15:23.0445 0x1fd4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
09:15:23.0481 0x1fd4  WebClient - ok
09:15:23.0514 0x1fd4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:15:23.0596 0x1fd4  Wecsvc - ok
09:15:23.0613 0x1fd4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:15:23.0678 0x1fd4  wercplsupport - ok
09:15:23.0709 0x1fd4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:15:23.0773 0x1fd4  WerSvc - ok
09:15:23.0809 0x1fd4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:15:23.0867 0x1fd4  WfpLwf - ok
09:15:23.0889 0x1fd4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:15:23.0908 0x1fd4  WIMMount - ok
09:15:23.0935 0x1fd4  WinDefend - ok
09:15:23.0961 0x1fd4  WinHttpAutoProxySvc - ok
09:15:24.0064 0x1fd4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:15:24.0134 0x1fd4  Winmgmt - ok
09:15:24.0247 0x1fd4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:15:24.0406 0x1fd4  WinRM - ok
09:15:24.0486 0x1fd4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:15:24.0514 0x1fd4  WinUsb - ok
09:15:24.0577 0x1fd4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:15:24.0670 0x1fd4  Wlansvc - ok
09:15:24.0721 0x1fd4  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:15:24.0739 0x1fd4  wlcrasvc - ok
09:15:24.0915 0x1fd4  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:15:25.0031 0x1fd4  wlidsvc - ok
09:15:25.0079 0x1fd4  [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
09:15:25.0097 0x1fd4  WmBEnum - ok
09:15:25.0142 0x1fd4  [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
09:15:25.0160 0x1fd4  WmFilter - ok
09:15:25.0199 0x1fd4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:15:25.0272 0x1fd4  WmiAcpi - ok
09:15:25.0313 0x1fd4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:15:25.0360 0x1fd4  wmiApSrv - ok
09:15:25.0399 0x1fd4  WMPNetworkSvc - ok
09:15:25.0428 0x1fd4  [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
09:15:25.0446 0x1fd4  WmVirHid - ok
09:15:25.0467 0x1fd4  [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
09:15:25.0487 0x1fd4  WmXlCore - ok
09:15:25.0536 0x1fd4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:15:25.0562 0x1fd4  WPCSvc - ok
09:15:25.0584 0x1fd4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:15:25.0617 0x1fd4  WPDBusEnum - ok
09:15:25.0638 0x1fd4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:15:25.0709 0x1fd4  ws2ifsl - ok
09:15:25.0735 0x1fd4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
09:15:25.0772 0x1fd4  wscsvc - ok
09:15:25.0777 0x1fd4  WSearch - ok
09:15:25.0814 0x1fd4  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
09:15:25.0836 0x1fd4  wsvd - ok
09:15:25.0969 0x1fd4  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:15:26.0097 0x1fd4  wuauserv - ok
09:15:26.0138 0x1fd4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:15:26.0177 0x1fd4  WudfPf - ok
09:15:26.0252 0x1fd4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:15:26.0297 0x1fd4  WUDFRd - ok
09:15:26.0329 0x1fd4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:15:26.0369 0x1fd4  wudfsvc - ok
09:15:26.0441 0x1fd4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:15:26.0490 0x1fd4  WwanSvc - ok
09:15:26.0679 0x1fd4  [ 74713CB32792F9C7632DAA7DA22CA974, 1B1D907F8F18AE22E36F371EE6417D068C01FB4F9413571444AF3845A27F3C4D ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
09:15:26.0721 0x1fd4  ZeroConfigService - ok
09:15:26.0771 0x1fd4  ================ Scan global ===============================
09:15:26.0808 0x1fd4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:15:26.0900 0x1fd4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:15:26.0922 0x1fd4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:15:26.0952 0x1fd4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:15:26.0985 0x1fd4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:15:27.0000 0x1fd4  [ Global ] - ok
09:15:27.0001 0x1fd4  ================ Scan MBR ==================================
09:15:27.0011 0x1fd4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:15:27.0447 0x1fd4  \Device\Harddisk0\DR0 - ok
09:15:27.0447 0x1fd4  ================ Scan VBR ==================================
09:15:27.0474 0x1fd4  [ 869B98D233B73348B3DC5C60C4F03855 ] \Device\Harddisk0\DR0\Partition1
09:15:27.0605 0x1fd4  \Device\Harddisk0\DR0\Partition1 - ok
09:15:27.0637 0x1fd4  [ 91469A43BB496D302D240F4A5C246A46 ] \Device\Harddisk0\DR0\Partition2
09:15:27.0695 0x1fd4  \Device\Harddisk0\DR0\Partition2 - ok
09:15:27.0710 0x1fd4  [ 49B3464D21BEF6D194BC3C78F1A1FBCD ] \Device\Harddisk0\DR0\Partition3
09:15:27.0712 0x1fd4  \Device\Harddisk0\DR0\Partition3 - ok
09:15:27.0713 0x1fd4  ================ Scan generic autorun ======================
09:15:27.0767 0x1fd4  [ B026C52A81F572C56278E5B1A41A2C7A, 5CA869BF3E0F16CD3307EBFE701B27DC153301A9F40688754FBD00FB706ADA2D ] C:\Windows\system32\igfxtray.exe
09:15:27.0792 0x1fd4  IgfxTray - ok
09:15:27.0837 0x1fd4  [ 7F6C2FE69233F41D6EC2E8D363710B35, 5FC2003E8181DF365E8FA46024DC9C790B5DD7B9C9BAB1F4395FA0F9C372A7C6 ] C:\Windows\system32\hkcmd.exe
09:15:27.0871 0x1fd4  HotKeysCmds - ok
09:15:27.0908 0x1fd4  [ 5AFAA6ECAFC030C9B5533A242BE26091, 932FF50C76FCC0798794C275A067BD1737BFF0629D464D831A26594E9E092479 ] C:\Windows\system32\igfxpers.exe
09:15:27.0945 0x1fd4  Persistence - ok
09:15:27.0947 0x1fd4  SynTPEnh - ok
09:15:27.0950 0x1fd4  SynLenovoGestureMgr - ok
09:15:28.0515 0x1fd4  [ 6522AA1BCFC503A2417B7358E31F4EB9, 7E0AC65A1A99877DAFC139C7F712C19A92FED4D1E80BD8DC6FD857EA2D40E1CA ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
09:15:29.0060 0x1fd4  RtHDVCpl - ok
09:15:29.0167 0x1fd4  [ 350AE710634AF327DDC90B897BBBA23A, E4F0C0D50894A9CA63311AC48EA22F7B9BCA35AE3AC71AD6259C0FAC6FA134B9 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
09:15:29.0230 0x1fd4  RtHDVBg_Dolby - ok
09:15:29.0329 0x1fd4  [ 667A123E3E5A95FFDEE3D16B4DC974AA, 1816EAE12EEE46E00E7509858C11A18C7A2BA86FE0A3DD1328DC87E21F609807 ] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
09:15:29.0376 0x1fd4  OnekeyStudio - ok
09:15:29.0470 0x1fd4  [ 3FB4E7E2069F0FD9E15ABC18D605E427, 2FFC218E575DA9E8C86E468227B302752C73EA3246CC0A599D7BCC41ED404F4D ] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
09:15:29.0494 0x1fd4  UpdatePRCShortCut - ok
09:15:29.0886 0x1fd4  [ 0C971FB9C511505E16D5E8A1340FD37E, 46B14D1EE5C9CBCAEFC8B952DCFFEC0F994D8897DDA8F0A53696615EC1149F88 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
09:15:30.0188 0x1fd4  Energy Management - ok
09:15:30.0477 0x1fd4  [ A0C651367C263C89212B3684977D8FBC, 2269C27E2A5509093733471D794E094EFCEBD8BFA7B0C0615B4C97AB9A0C9DD1 ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
09:15:30.0792 0x1fd4  EnergyUtility - ok
09:15:30.0861 0x1fd4  [ 3F35AC7163E403C1FA8D34EB2FF36302, 47AE59E315A2BAE7003A18BFDC3859EFBED511822F4BA5F2E02C6D2464A019C1 ] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
09:15:30.0880 0x1fd4  Lenovo EE Boot Optimizer - ok
09:15:30.0934 0x1fd4  [ 0104F4CA73154C23FFB449501F6D2D53, 0610AC01C06CC15D67F11C0EE00097A4D0A56B9EED16489FD3306EC2E1E6F301 ] C:\Program Files\Logitech\Gaming Software\LWEMon.exe
09:15:30.0958 0x1fd4  Start WingMan Profiler - ok
09:15:31.0068 0x1fd4  [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
09:15:31.0097 0x1fd4  USB3MON - ok
09:15:31.0144 0x1fd4  [ 7D6C13D5D2A120BFD0776CB3AB2C6B8F, 2787EB6EA4DDD627DCCE967A5CEBF37E112ED86B3C62F1A8F2DC214FF7A97DD1 ] C:\Program Files (x86)\LockKey\LockKey.exe
09:15:31.0173 0x1fd4  LockKey - ok
09:15:31.0228 0x1fd4  [ 766AE515B1749F2141E418CC6C08515B, 02DDB5A7DB8278AA47A951604818E73DB69155DBF1ECD06B6E11926204EADAE7 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
09:15:31.0257 0x1fd4  IAStorIcon - ok
09:15:31.0299 0x1fd4  [ 487620AB26D4286EB076ADCACB500E7C, 024D7D240D2AE9BBB6FEA81E2C58D431C9A41A8E2C55263CCF30182506C197E3 ] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
09:15:31.0326 0x1fd4  Intelligent Touchpad - ok
09:15:31.0373 0x1fd4  [ B00F98FF6FE8682FF941BEB2559BF191, EB443E294C5609F426BF6EE388F3A4B71EFE2C6A8216C0F6DE7AE6DB382BF620 ] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
09:15:31.0453 0x1fd4  YouCam Mirage - ok
09:15:31.0472 0x1fd4  [ 7CD9BF0A5F47F9584E59BDF674FD1C5D, 821F2A5380B1E64B0629D67259BA92A923D5D405526CB6C44BC422294C031C1F ] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
09:15:31.0496 0x1fd4  YouCam Tray - detected UnsignedFile.Multi.Generic ( 1 )
09:15:34.0380 0x1fd4  Detect skipped due to KSN trusted
09:15:34.0380 0x1fd4  YouCam Tray - ok
09:15:34.0473 0x1fd4  [ A01FB0B0C58319FB350A53EDAA947D36, F096607CEA3EB1D569B9767B98C1409F54332A97B78848BC3CBEB92FDFAAB787 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
09:15:34.0497 0x1fd4  UpdateP2GShortCut - ok
09:15:34.0553 0x1fd4  [ 7A0380A50F4D11D996BDA159437D2968, E7A52ADBEFB8BCA0F7503677A0986FA0FD5FC0F6EA9E556F342D5A7C858B72F2 ] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
09:15:34.0581 0x1fd4  VeriFaceManager - ok
09:15:34.0685 0x1fd4  [ 3FB4E7E2069F0FD9E15ABC18D605E427, 2FFC218E575DA9E8C86E468227B302752C73EA3246CC0A599D7BCC41ED404F4D ] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
09:15:34.0707 0x1fd4  UpdatePRCShortCut - ok
09:15:34.0769 0x1fd4  [ 538A6B67EAF0BE4F9CF7E8420128C4F8, 8CAAB09AE8BAF301FFD0B7B6A88FC2C70ADBCEA0D0F56C6061F97660B2928A95 ] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe
09:15:34.0785 0x1fd4  IndexSearch - ok
09:15:34.0802 0x1fd4  [ 7E72DD0452B7B2D422B55EC7169DE6AE, 1B84D9F18FF5DE3ECC5D540F17810FB152B6D9D92699613FCB933F1109B32226 ] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe
09:15:34.0817 0x1fd4  PaperPort PTD - ok
09:15:34.0896 0x1fd4  [ 9F0ACAA725CF5A391AF7E2067AE45746, CA7F3C2C9D4DCB135ECBFFEB3448D272552B5DB720E0A526B4AC07B1F5E8BC9E ] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe
09:15:34.0936 0x1fd4  PDFHook - ok
09:15:34.0951 0x1fd4  [ 154420A93E4F676AA33A055A116255D9, DF76577C22EBB439DF2B72D1B6B7A465F067CCEC886FC7A7FB337865DA1DB914 ] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe
09:15:34.0968 0x1fd4  PDF5 Registry Controller - ok
09:15:35.0086 0x1fd4  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
09:15:35.0109 0x1fd4  BCSSync - ok
09:15:35.0207 0x1fd4  [ FE821F6FA60E9DF9FDEE69A23488BBAB, 98D9926152FDA45705F5E208D7236E467CAEEF83D756A14B4104EBF804644B29 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
09:15:35.0259 0x1fd4  Adobe ARM - ok
09:15:35.0407 0x1fd4  [ 6F5C9785C05D23DABE407653C12B8A05, 3EC2AACE39D47BC3C34CC8F53DA652A5FFE3A09304AB77AFCF17D4E5CC10F82E ] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe
09:15:35.0618 0x1fd4  ISUSPM - ok
09:15:35.0725 0x1fd4  [ 63C0C3C8A846CB655CD512234959196F, 1827892481A4670D3EAA055C22BDF5BB6EE41597EF0E8F076E42482FA4FC6401 ] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe
09:15:35.0753 0x1fd4  DNS7reminder - ok
09:15:35.0815 0x1fd4  [ 0E191A6083D372CFF2606BBDBEF9EC80, F5749E87CB7A919A8713EAE85BEB6FEE21298EA731786F58337A9F2479BB5C87 ] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
09:15:35.0849 0x1fd4  RUNUPDATER - ok
09:15:35.0935 0x1fd4  [ AF2588F3E785D6F47AE205A765E7E370, 1E560E381DEC665E674EBC5237FADE7073D17D7BBCDB4A8C3B7BB0527A0FEE2C ] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe
09:15:35.0992 0x1fd4  Dell 1355 MFP Launcher - ok
09:15:36.0129 0x1fd4  [ 0CE386783FCE0F62182E8AAADEFEB602, 5A5FBE48C90A840970D8FBB65C0A831BC975C370D69158418E8385BDB604F2C4 ] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe
09:15:36.0328 0x1fd4  Dell 1355 MFP RUN - ok
09:15:36.0515 0x1fd4  [ 0F9DB40B959007C5D6A2723C397FF81B, 6813BA53B0285EFEB77913C2E57196465E258580D81C2259A27F768D4E222731 ] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe
09:15:36.0729 0x1fd4  StatusAutoRun - ok
09:15:36.0801 0x1fd4  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
09:15:36.0828 0x1fd4  SunJavaUpdateSched - ok
09:15:36.0898 0x1fd4  [ C873D23010D5347AE9E347D806D5E033, B1934DC629CDB23B33151B792586BFBB4E59173CDB88D86E71D9A2869B940742 ] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe
09:15:36.0928 0x1fd4  Virtual Account Numbers - detected UnsignedFile.Multi.Generic ( 1 )
09:15:39.0690 0x1fd4  Virtual Account Numbers ( UnsignedFile.Multi.Generic ) - warning
09:15:39.0690 0x1fd4  Force sending object to P2P due to detect: C:\PROGRA~2\VIRTUA~1\CitiVAN.exe
09:15:42.0420 0x1fd4  Object send P2P result: true
09:15:45.0052 0x1fd4  [ E43A851F7B12DE589424D6C656155CFC, FD42172921C18D1BBDFC0C5CFFFD6D0534764D770E210CA3E1DF61A66A99BE62 ] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
09:15:45.0093 0x1fd4  AdobeCS4ServiceManager - ok
09:15:45.0208 0x1fd4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:15:45.0305 0x1fd4  Sidebar - ok
09:15:45.0328 0x1fd4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:15:45.0375 0x1fd4  mctadmin - ok
09:15:45.0424 0x1fd4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:15:45.0500 0x1fd4  Sidebar - ok
09:15:45.0510 0x1fd4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:15:45.0543 0x1fd4  mctadmin - ok
09:15:45.0592 0x1fd4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:15:45.0667 0x1fd4  Sidebar - ok
09:15:45.0672 0x1fd4  Power2GoExpress - ok
09:15:45.0714 0x1fd4  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
09:15:45.0730 0x1fd4  swg - ok
09:15:45.0806 0x1fd4  [ F3D7BBAB6DB69B0A9F64818468C92492, A82656688B9F28ED7C4A0F0B2232E9EB7ACE935A9EADCBC94FC3441B866D1AC1 ] C:\Program Files (x86)\BitTorrent\BitTorrent.exe
09:15:45.0900 0x1fd4  BitTorrent - ok
09:15:46.0000 0x1fd4  [ 6F5C9785C05D23DABE407653C12B8A05, 3EC2AACE39D47BC3C34CC8F53DA652A5FFE3A09304AB77AFCF17D4E5CC10F82E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
09:15:46.0097 0x1fd4  ISUSPM - ok
09:15:46.0116 0x1fd4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:15:46.0148 0x1fd4  mctadmin - ok
09:15:46.0169 0x1fd4  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
09:15:46.0182 0x1fd4  swg - ok
09:15:46.0273 0x1fd4  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
09:15:46.0369 0x1fd4  Sidebar - ok
09:15:46.0490 0x1fd4  [ 6F5C9785C05D23DABE407653C12B8A05, 3EC2AACE39D47BC3C34CC8F53DA652A5FFE3A09304AB77AFCF17D4E5CC10F82E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
09:15:46.0578 0x1fd4  ISUSPM - ok
09:15:46.0806 0x1fd4  [ A974F7EB760451D7CF7342F9E088DBB0, 71D789252C837DA6A276F47B78D5A9F8E087EDCB35840A908802B9954A21F2CE ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
09:15:46.0965 0x1fd4  DAEMON Tools Lite - ok
09:15:47.0074 0x1fd4  [ 66E3878250E18FEDBA32CB90DA917005, 199DA21E7A269334E6F0BE7A73D3CA28F716CF32183DF9D50B282DAAFAE1D309 ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
09:15:47.0133 0x1fd4  GarminExpressTrayApp - ok
09:15:47.0398 0x1fd4  [ 0EDB79B230DBC6A0670CE731AB502542, 2D4305F5E2B365138B5CBF43D67BF00F68DDC9ED1CA25064BE08F1626C3BB9FF ] C:\Program Files (x86)\CounterPath\eyeBeam 1.5\eyeBeam.exe
09:15:47.0708 0x1fd4  eyeBeam SIP Client - detected UnsignedFile.Multi.Generic ( 1 )
09:15:50.0440 0x1fd4  Detect skipped due to KSN trusted
09:15:50.0440 0x1fd4  eyeBeam SIP Client - ok
09:15:50.0556 0x1fd4  [ B43E68B8A022FB00FF54360D408E871B, 414F8F45729CAEC81A09A72A473EB12DC2ED861C39DFD343ECE79652F65DCEA8 ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
09:15:50.0607 0x1fd4  GoogleChromeAutoLaunch_A6887837C6737F3E967A0AC35E152386 - ok
09:15:50.0610 0x1fd4  Waiting for KSN requests completion. In queue: 188
09:15:51.0610 0x1fd4  Waiting for KSN requests completion. In queue: 188
09:15:52.0610 0x1fd4  Waiting for KSN requests completion. In queue: 188
09:15:53.0610 0x1fd4  Waiting for KSN requests completion. In queue: 174
09:15:54.0610 0x1fd4  Waiting for KSN requests completion. In queue: 174
09:15:55.0610 0x1fd4  Waiting for KSN requests completion. In queue: 174
09:15:56.0610 0x1fd4  Waiting for KSN requests completion. In queue: 174
09:15:57.0610 0x1fd4  Waiting for KSN requests completion. In queue: 174
09:15:58.0610 0x1fd4  Waiting for KSN requests completion. In queue: 174
09:15:59.0610 0x1fd4  Waiting for KSN requests completion. In queue: 174
09:16:00.0610 0x1fd4  Waiting for KSN requests completion. In queue: 174
09:16:01.0699 0x1fd4  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
09:16:01.0724 0x1fd4  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x41010 ( enabled )
09:16:04.0317 0x1fd4  ============================================================
09:16:04.0317 0x1fd4  Scan finished
09:16:04.0317 0x1fd4  ============================================================
09:16:04.0332 0x1614  Detected object count: 1
09:16:04.0332 0x1614  Actual detected object count: 1
 
 
=============================================================================================================================================
 
Thank you very much,
 
Showup

  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good, let's scan for remnants and check for any out of date programs. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#7
showup

showup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here are the logs:

==============

  •  

  • ESET Scan Log

  • ==========


  • [email protected] as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    # product=EOS
    # version=8
    # IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
    # OnlineScanner.ocx=1.0.0.7623
    # api_version=3.0.2
    # EOSSerial=c9a0466eae12be458681a23583d4a237
    # engine=19470
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2014-08-02 06:57:39
    # local_time=2014-08-02 02:57:39 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1='Kaspersky Internet Security'
    # compatibility_mode=1292 16777213 100 100 0 37540681 0 0
    # compatibility_mode_1=''
    # compatibility_mode=5893 16776573 100 94 0 158549309 0 0
    # scanned=632240
    # found=19
    # cleaned=0
    # scan_time=15098
    sh=9902E077C91F1F53DF01F51FF3B3D03417679DA0 ft=1 fh=25df12a26b3f5513 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\MetaTrader 4\experts\libraries\frp6.dll"
    sh=9BF14CD4B09B76221BCEF7895DADDA23997C0C4E ft=1 fh=836d96b2f4f56ab7 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\MetaTrader 4\experts\libraries\MillionDollarPips.dll"
    sh=9902E077C91F1F53DF01F51FF3B3D03417679DA0 ft=1 fh=25df12a26b3f5513 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\MetaTrader 4\MQL4\Libraries\frp6.dll"
    sh=9BF14CD4B09B76221BCEF7895DADDA23997C0C4E ft=1 fh=836d96b2f4f56ab7 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\MetaTrader 4\MQL4\Libraries\MillionDollarPips.dll"
    sh=9902E077C91F1F53DF01F51FF3B3D03417679DA0 ft=1 fh=25df12a26b3f5513 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\Trading\MT4_2\experts\libraries\frp6.dll"
    sh=9BF14CD4B09B76221BCEF7895DADDA23997C0C4E ft=1 fh=836d96b2f4f56ab7 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\Trading\MT4_2\experts\libraries\MillionDollarPips.dll"
    sh=9902E077C91F1F53DF01F51FF3B3D03417679DA0 ft=1 fh=25df12a26b3f5513 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\Trading\MT4_2\MQL4\Libraries\frp6.dll"
    sh=9BF14CD4B09B76221BCEF7895DADDA23997C0C4E ft=1 fh=836d96b2f4f56ab7 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\Trading\MT4_2\MQL4\Libraries\MillionDollarPips.dll"
    sh=9BF14CD4B09B76221BCEF7895DADDA23997C0C4E ft=1 fh=836d96b2f4f56ab7 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Program Files (x86)\Trading\MT4_3\MQL4\Libraries\MillionDollarPips.dll"
    sh=A2CA216311CCF37BDC6E8AE337C2D7E8619DDD61 ft=1 fh=f5f352b909661229 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Thiyagi\Documents\Dropbox\Business\Invest\Forex\EAs and Indicators\Purchased Ones\ForexRealProfitEA_v6.06\ForexRealProfitEA_v6.06\frp6.dll"
    sh=A2CA216311CCF37BDC6E8AE337C2D7E8619DDD61 ft=1 fh=f5f352b909661229 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Thiyagi\Documents\Dropbox\Business\Invest\Forex\Selected EAs in use\ForexRealProfitEA\ForexRealProfitEAv6.06\frp6.dll"
    sh=459896B7BE533D0E51051EA75430E45BC8E0E3A3 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Thiyagi\Documents\Dropbox\Business\Invest\Forex\Selected EAs in use\ForexRealProfitEA\ForexRealProfitEA_v6.10\ForexRealProfitEA_Live_Ver6.10.zip"
    sh=A2ACAC68FF9543CAEB57D7665139ECB509B67189 ft=1 fh=a7360144f4af7be7 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Users\Thiyagi\Documents\Dropbox\Software_Orginals\Express Talk\Free Ver\talksetup.exe"
    sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Thiyagi\Downloads\cbsidlm-tr1_13-KLite_Mega_Codec_Pack-SEO-10794603.exe"
    sh=E968BDABB651E3AE21F2603DEE6FCC5CE463958E ft=0 fh=0000000000000000 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Thiyagi\Downloads\ForexRealProfitEA_Live.zip"
    sh=F28137A9C28D2B6A2281274D29121449EE6F3120 ft=1 fh=646c1af7ad51374b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Thiyagi\Downloads\FreemakeVideoConverterSetup.exe"
    sh=0D22626183C7EA3E17C08D209D782FDFB24377EA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Thiyagi\Downloads\NeuroShell_Day_Trader_Pro_5.5.rar"
    sh=9902E077C91F1F53DF01F51FF3B3D03417679DA0 ft=1 fh=25df12a26b3f5513 vn="probably a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Users\Thiyagi\Downloads\ForexRealProfitEA_Live\ForexRealProfitEA_v6.10\ForexRealProfitEA_v6.10\frp6.dll"
    sh=374ED059A53890FE8C9A2C1A2BD26DCC94E49528 ft=1 fh=4e86c3c8e568e45b vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\08022014_064537\C_Users\Thiyagi\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe"
     

  • MBAM Log

=========

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/2/2014
Scan Time: 9:50:29 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.02.03
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Thiyagi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335741
Time Elapsed: 13 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.SolidSavings.A, C:\Users\Thiyagi\AppData\Local\Solid Savings, Quarantined, [135701c04f2c47ef1ee806b720e2e917], 
 
Files: 3
PUP.Optional.OptimumInstaller.A, C:\Users\Thiyagi\Downloads\update.exe, Quarantined, [64062e939fdcc0762016fc5ba55ce11f], 
PUP.Optional.OptimumInstaller.A, C:\Users\Thiyagi\Downloads\Player-Chrome.exe, Quarantined, [5614f7cacab1d3637db971e618e95da3], 
PUP.Optional.CrossRider.A, C:\Users\Thiyagi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0.localstorage-journal, Quarantined, [9dcd2e93f289bb7b437fca1d09f94cb4], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
  • SecurityCheck Log

  • ===========

  •  Results of screen317's Security Check version 0.99.86  
     Windows 7 Service Pack 1 x64 (UAC is disabled!)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    Kaspersky Internet Security   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:````````` 
     JavaFX 2.1.0    
     Java 7 Update 55  
     Java version out of Date! 
     Adobe Reader XI  
     Google Chrome 35.0.1916.153  
     Google Chrome 36.0.1985.125  
    ````````Process Check: objlist.exe by Laurent````````  
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbam.exe  
     Malwarebytes Anti-Malware mbamscheduler.exe   
     Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
     Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
     Kaspersky Lab Kaspersky Internet Security 14.0.0 plugin-nm-server.exe  
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C: 1% 
    ````````````````````End of Log`````````````````````` 
    ==============================================================================================================

 
Thank you very much,
 
Showup

  • 0

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:Files
C:\Users\Thiyagi\Downloads\cbsidlm-tr1_13-KLite_Mega_Codec_Pack-SEO-10794603.exe
C:\Users\Thiyagi\Downloads\FreemakeVideoConverterSetup.exe
C:\Users\Thiyagi\Documents\Dropbox\Software_Orginals\Express Talk\Free Ver\talksetup.exe

:Commands
[reboot]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. If the log doesn't open upon reboot, you can find a copy of it here: C:\_OTL\MovedFiles Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.

Things I need to see in your next post:

OTL Fix Log

  • 0

#9
showup

showup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Here you go:

 

 

OTL Fix Log

=======

 

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Thiyagi\Downloads\cbsidlm-tr1_13-KLite_Mega_Codec_Pack-SEO-10794603.exe moved successfully.
C:\Users\Thiyagi\Downloads\FreemakeVideoConverterSetup.exe moved successfully.
C:\Users\Thiyagi\Documents\Dropbox\Software_Orginals\Express Talk\Free Ver\talksetup.exe moved successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 08022014_164528
 
===========================================================================================
 
Thank you,
Showup

  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Enable UAC in Windows
  • Open User Account Control Settings by clicking the Start button and then clicking Control Panel
  • In the Search Box, type in uac and then click Change User Account Control settings.
  • To turn on UAC, move the slider to choose when you want to be notified, and then click OK.
  • If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Step 3: Warning About Java and Installation of FileHippo


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa
  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 4: Tips, Information, and Optional Installation of UnChecky


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Step 5: Protection Against CryptoLocker


A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

CryptoPrevent_zps1a3866db.jpg


Are there any further issues I can help you with?
  • 0

Advertisements


#11
showup

showup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the log:
 
=============================================
# DelFix v10.8 - Logfile created 02/08/2014 at 20:08:15
# Updated 29/07/2014 by Xplode
# Username : Thiyagi - THIYAGI_LENOVO
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.40_02.08.2014_09.13.34_log.txt
Deleted : C:\Users\Thiyagi\Desktop\AdwCleaner.exe
Deleted : C:\Users\Thiyagi\Desktop\Extras1.Txt
Deleted : C:\Users\Thiyagi\Desktop\JRT.exe
Deleted : C:\Users\Thiyagi\Desktop\JRT.txt
Deleted : C:\Users\Thiyagi\Desktop\OTL.Txt
Deleted : C:\Users\Thiyagi\Desktop\OTL1.Txt
Deleted : C:\Users\Thiyagi\Desktop\OTL.exe
Deleted : C:\Users\Thiyagi\Desktop\tdsskiller.exe
Deleted : C:\Users\Thiyagi\Downloads\Addition.txt
Deleted : C:\Users\Thiyagi\Downloads\FRST.txt
Deleted : C:\Users\Thiyagi\Downloads\FRST64.exe
Deleted : C:\Users\Thiyagi\Downloads\HijackThis.exe
Deleted : C:\Users\Thiyagi\Downloads\hijackthis.log
Deleted : C:\Users\Thiyagi\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #250 [Windows Update | 07/24/2014 14:42:44]
Deleted : RP #251 [Scheduled Checkpoint | 07/31/2014 17:38:04]
Deleted : RP #252 [OTL Restore Point - 8/2/2014 6:46:09 AM | 08/02/2014 10:46:10]
Deleted : RP #253 [OTL Restore Point - 8/2/2014 4:45:39 PM | 08/02/2014 20:45:45]
 
New restore point created !
 
########## - EOF - ##########
 

===============================================================

 

I still see the 'SOE Web installer' in the program section.

Is that OK. Please advise me.

Thank you very much for your kind help.

 

Showup


  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I still see the 'SOE Web installer' in the program section.

Is that OK. Please advise me.

Thank you very much for your kind help.


Hi :) SOE (Sony Online Entertainment) Web Installer is an ActiveX control or web browser extension/plugin that is used to launch various Sony published video games online.

In your original OTL log, it was showing in FireFox as a plugin that was no longer installed and we removed it. However, things can sometimes give the computer difficulty in uninstalling. The program is harmless and not malware related. We can run Revo Uninstaller to see if it will remove it from the programs list.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double, if it shows in the list, click on SOE Web Installer
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

  • 0

#13
showup

showup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

This promptly removed the ' SOE Web Installer'.

Thanks a lot,

 

 - Showup.


  • 0

#14
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

This promptly removed the ' 

SOE Web Installer'.
Thanks a lot,
 
 - Showup.

Good to hear. :thumbsup:

Are there any remaining issues I can assist you with?
  • 0

#15
showup

showup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

No. Now everything works fine.

Thanks a lot for your help.

 

-Showup


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP