
Win 7 64bit, lengthy boot time and audio service doesn't start up.


  • This topic is locked

#1
fireberd

    Member

  • 15 posts

Hi,

I'm not sure if these issues are related, but they all started last weekend. I booted up the PC and got a message telling me my copy of Windows may not be genuine - build 7061. This after having had the machine for over 10 months with no such message prior!

After a little googling, I used slmgr -rearm cmd prompt to remove the message, but apparently this is only a temporary workaround. However, since then, on startup the PC hangs at a black screen with just the mouse cursor showing, for up to 5 minutes before the logon screen comes up, then a further two or three minutes until the desktop appears.

The speaker icon is no longer in the notification tray, and the audio service is not running - even though it is set to automatic. I have to go into services and 'start' the audio service and audio endpoint builder at every startup, after which the sound works perfectly.

Not really sure if this is virus/malware related, since Malwarebytes doesn't show anything on a full scan, but I've also found that my Avira AV cannot update - I just get an 'access denied' message. Could it be to do with the 'non genuine windows' message I started getting?

Once past the slow boot up, and with the audio started, the comp runs fine with no apparent lag or sluggishness, and all other apps and programs work as normal.

Any help much appreciated!



#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello fireberd,

Welcome to one of our malware forums.

Some of the symptoms you describe could be caused by malware infection so let's have a look and see.

Important - We ask that the tools we use be downloaded to your computer's desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.




#3
fireberd

    Member

  • Topic Starter
  • 15 posts

Thanks for looking at my inquiry! Logs as requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by user (administrator) on USER-PC on 02-04-2015 15:32:48
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-02-03] (COMODO)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-04-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-07] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-07] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default
FF Homepage: www.trle.net
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-05-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\user.js [2015-03-28]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2015-03-17]
FF Extension: Rotor Throbber - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2014-09-27]
FF Extension: Status-4-Evar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\[email protected] [2014-06-02]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-13]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-13]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-13]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-13]
CHR Extension: (avast! Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-13]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-13]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-02-01] (SUPERAntiSpyware.com)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-02] (Adobe Systems) [File not signed]
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992560 2015-03-19] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-03] (COMODO)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2430304 2009-10-23] (Diskeeper Corporation)
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-12-28] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-12-28] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-12-28] (Safer-Networking Ltd.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [51120 2009-10-21] (Diskeeper Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 15:32 - 2015-04-02 15:33 - 00011546 _____ () C:\Users\user\Desktop\FRST.txt
2015-04-02 15:32 - 2015-04-02 15:32 - 00000000 ____D () C:\FRST
2015-04-02 15:31 - 2015-04-02 15:31 - 02095616 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-04-02 15:07 - 2015-04-02 15:07 - 00000000 ___SH () C:\DkHyperbootSync
2015-04-01 22:35 - 2015-04-01 22:37 - 00000000 ____D () C:\Users\user\Desktop\filmz
2015-04-01 20:26 - 2015-04-01 23:38 - 00000000 ____D () C:\Users\user\Desktop\TO
2015-03-31 19:33 - 2015-03-31 19:35 - 00000000 ____D () C:\Users\user\Desktop\bump
2015-03-30 21:13 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\system32\gpedit.msc
2015-03-30 21:09 - 2015-03-30 21:09 - 00707354 _____ () C:\Windows\unins000.exe
2015-03-30 21:09 - 2015-03-30 21:09 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2015-03-30 21:09 - 2015-03-30 21:09 - 00001529 _____ () C:\Windows\unins000.dat
2015-03-30 21:09 - 2015-03-30 21:09 - 00000000 ____D () C:\Windows\SysWOW64\GPBAK
2015-03-30 21:09 - 2001-08-23 13:00 - 00034871 _____ () C:\Windows\SysWOW64\gpedit.msc
2015-03-28 16:59 - 2015-03-28 17:09 - 00000000 ____D () C:\Users\user\Downloads\Zodiac Mindwarp & The Love Reaction (1986 - 2010)
2015-03-27 00:57 - 2015-03-27 00:57 - 00000000 ____D () C:\Users\user\Downloads\PinchHarmonics
2015-03-24 22:26 - 2015-03-24 22:26 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 22:26 - 2015-03-24 22:26 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 22:26 - 2015-03-24 22:26 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 22:26 - 2015-03-24 22:26 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 22:26 - 2015-03-24 22:26 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 22:26 - 2015-03-24 22:26 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 22:26 - 2015-03-24 22:26 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 22:26 - 2015-03-24 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-22 22:34 - 2015-03-22 22:34 - 00001576 _____ () C:\Windows\System32\Tasks\Amazon Music Helper
2015-03-17 16:15 - 2015-03-17 16:15 - 00000000 ____D () C:\Users\user\Desktop\Notification_Area_Cleaner
2015-03-14 12:49 - 2015-04-01 23:53 - 00000000 ____D () C:\Users\user\Desktop\sandra model
2015-03-13 15:39 - 2015-03-13 15:39 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 15:39 - 2015-03-13 15:39 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-13 15:38 - 2015-03-13 15:38 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-13 15:38 - 2015-03-13 15:38 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-13 15:38 - 2015-03-13 15:38 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 15:38 - 2015-03-13 15:38 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-13 15:38 - 2015-03-13 15:38 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 15:38 - 2015-03-13 15:38 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-13 15:38 - 2015-03-13 15:38 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-13 15:38 - 2015-03-13 15:38 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-13 15:38 - 2015-03-13 15:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-13 15:38 - 2015-03-13 15:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-13 15:38 - 2015-03-13 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-13 15:38 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-13 15:38 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 15:37 - 2015-03-13 15:37 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 15:37 - 2015-03-13 15:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 15:37 - 2015-03-13 15:37 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-13 15:37 - 2015-03-13 15:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-13 15:37 - 2015-03-13 15:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-13 15:37 - 2015-03-13 15:37 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-13 15:37 - 2015-03-13 15:37 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-13 15:36 - 2015-03-13 15:36 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 15:36 - 2015-03-13 15:36 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 15:36 - 2015-03-13 15:36 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 15:36 - 2015-03-13 15:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 15:30 - 2015-03-13 15:30 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 15:30 - 2015-03-13 15:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 15:30 - 2015-03-13 15:30 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-13 15:30 - 2015-03-13 15:30 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-13 15:30 - 2015-03-13 15:30 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-13 15:30 - 2015-03-13 15:30 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-13 15:30 - 2015-03-13 15:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-13 15:30 - 2015-03-13 15:30 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-13 15:30 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 15:30 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-13 15:29 - 2015-03-13 15:29 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 15:29 - 2015-03-13 15:29 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 15:29 - 2015-03-13 15:29 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 22:02 - 2015-03-12 22:02 - 00000000 ____D () C:\Program Files (x86)\File Recovery
2015-03-10 16:58 - 2015-03-10 16:58 - 00000000 ____D () C:\Users\user\Desktop\Tor Browser
2015-03-03 02:46 - 2015-03-03 02:46 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00069448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-03-03 02:46 - 2015-03-03 02:46 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-03-03 02:46 - 2010-05-26 12:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-03-03 02:46 - 2010-05-26 12:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-03-03 02:46 - 2010-05-26 12:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-03-03 02:46 - 2010-02-04 11:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-03-03 02:45 - 2015-03-03 02:46 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-03-03 02:45 - 2015-03-03 02:45 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-03-03 02:44 - 2015-03-03 02:44 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-03-03 02:17 - 2015-03-12 22:07 - 00000000 ____D () C:\Program Files (x86)\Steam

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 15:27 - 2009-07-14 05:51 - 00053167 _____ () C:\Windows\setupact.log
2015-04-02 15:06 - 2014-05-13 11:40 - 01060515 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 14:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 00:15 - 2009-07-14 05:45 - 00022144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 00:15 - 2009-07-14 05:45 - 00022144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 23:04 - 2009-07-14 06:13 - 00896284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 22:34 - 2014-06-03 16:39 - 00000000 ____D () C:\Users\user\Desktop\Movavi Video Converter
2015-04-01 22:27 - 2014-06-02 19:23 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-01 22:15 - 2014-06-03 14:26 - 00028160 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 20:33 - 2014-06-03 12:22 - 00005706 _____ () C:\Users\user\Desktop\clean boot.txt
2015-04-01 17:14 - 2014-12-14 18:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 15:38 - 2014-06-03 23:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2015-04-01 14:53 - 2014-06-02 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-01 00:04 - 2015-02-01 20:16 - 00001250 _____ () C:\Users\user\Desktop\owners club clickable links.txt
2015-03-31 16:50 - 2014-06-03 12:22 - 00006200 _____ () C:\Users\user\Desktop\attempted.txt
2015-03-30 21:13 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-30 21:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-03-30 21:09 - 2014-05-14 10:17 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fde.dll
2015-03-30 21:09 - 2014-05-14 10:17 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2015-03-30 21:09 - 2009-07-14 00:38 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2015-03-30 21:09 - 2009-07-14 00:34 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gptext.dll
2015-03-29 17:19 - 2014-09-09 23:11 - 00000000 ____D () C:\Users\user\AppData\Local\Windows Live
2015-03-29 14:01 - 2014-07-19 12:33 - 00000000 ____D () C:\Program Files\Recuva
2015-03-28 19:58 - 2014-07-20 16:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
2015-03-28 13:17 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-28 13:16 - 2014-05-13 14:27 - 00602062 _____ () C:\Windows\PFRO.log
2015-03-28 13:16 - 2009-07-14 05:45 - 00318856 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 23:09 - 2014-05-13 12:10 - 00071528 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-26 02:08 - 2014-06-03 23:38 - 00000000 ____D () C:\Users\user\Documents\Calibre Library
2015-03-25 22:10 - 2014-12-10 22:13 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 22:10 - 2014-05-15 11:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-22 17:44 - 2014-07-06 15:32 - 00000000 ____D () C:\Windows\ERDNT
2015-03-16 12:25 - 2014-06-02 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-15 18:26 - 2014-06-02 15:59 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-15 18:26 - 2014-06-02 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-14 19:33 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-14 05:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-14 04:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 04:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-13 23:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-13 23:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-03-12 00:05 - 2014-05-13 12:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 00:00 - 2014-05-13 12:50 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 14:56 - 2014-06-02 17:13 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 14:56 - 2014-06-02 17:13 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-10 14:56 - 2014-06-02 17:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-10 14:55 - 2014-06-03 09:40 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-05 06:23 - 2009-07-14 08:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-03 02:45 - 2014-09-09 23:13 - 00010478 _____ () C:\Windows\DirectX.log

==================== Files in the root of some directories =======

2014-06-03 13:30 - 2014-06-03 13:30 - 0099384 _____ () C:\Users\user\AppData\Roaming\inst.exe
2014-06-03 13:30 - 2014-06-03 13:30 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-06-03 13:30 - 2014-06-03 13:30 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
2014-06-03 13:31 - 2014-06-03 13:31 - 0000074 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2014-06-03 13:30 - 2014-06-03 13:30 - 0082816 _____ (VSO Software) C:\Users\user\AppData\Roaming\pcouffin.sys
2014-06-03 13:31 - 2014-06-03 13:32 - 0001041 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
2014-06-03 14:26 - 2015-04-01 22:15 - 0028160 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-09 18:59 - 2015-01-27 22:06 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2014-06-02 17:04 - 2014-06-02 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-02 19:19 - 2014-06-02 19:19 - 0004104 _____ () C:\ProgramData\ojobkspa.ako

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 00:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by user at 2015-04-02 15:34:28
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AACDEcoder 2.10 (HKLM-x32\...\AACDecoder_is1) (Version: 2.10 - AbyssMedia.com)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Any Video Converter 5.5.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}) (Version: 3.0.255.407 - ArcSoft)
ArcSoft TotalMedia HDCam (HKLM-x32\...\{7A1DE746-F5D0-4A21-943B-39A3F243C32A}) (Version: 2.0.2.49 - ArcSoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audio Converter Plus 4.9.5.0 (HKLM-x32\...\Audio Converter Plus_is1) (Version: 4.9.5.0 - AbyssMedia.com)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
BitTorrent (HKU\S-1-5-21-3226483179-4034785836-799415362-1000\...\BitTorrent) (Version: 7.9.2.36804 - BitTorrent Inc.)
calibre (HKLM-x32\...\{C727544A-23E0-41A8-9901-2353CE3FE62A}) (Version: 2.14.0 - Kovid Goyal)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
ConvertXtoDVD 4.0.3.312 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.3.312 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diskeeper 2010 Pro Premier (HKLM\...\{858CCC22-7029-4426-B4D5-58C38742EBD3}) (Version: 14.0.896.64 - Diskeeper Corporation)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version:  - )
FLVPlayer4Free Free FLV Player 5.9.0.0 (HKLM-x32\...\FLVPlayer4Free Free FLV Player_is1) (Version:  - Sakysoft s.r.l. uninominale) <==== ATTENTION
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaCoder x64 0.8.30.5620 (HKLM\...\MediaCoder x64) (Version: 0.8.30.5620 - Mediatronic)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0107.120 - Mio Technology)
Movavi Video Converter 10 (HKLM-x32\...\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}) (Version: 10.02.002 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-GB)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{378ce143-1a66-4483-8a2f-2e11d3efbfd7}) (Version:  - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
PlayFLV (HKLM-x32\...\PlayFLV) (Version:  - )
Private Proxy (HKLM-x32\...\{26E8F025-1C39-4394-8252-F62CDD14C7FB}) (Version: 3.01 - Privacy Partners)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.6.4 - Shark007)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ulead GIF Animator 5 (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - Ulead System)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.89 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
x64 Components v4.6.4 (HKLM\...\Advanced x64Components_is1) (Version: 4.6.4 - Shark007)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-04-2015 22:14:44 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-28 15:54 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21D667C2-931A-4B28-8A2F-307F1238D539} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)
Task: {4DAFED21-0D75-41AF-8FC0-BE8491D3D996} - System32\Tasks\{E2AEF9EF-D5B1-4B36-8AC8-9F9E65F06D17} => pcalua.exe -a C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10\InstallFilter.exe -d C:\Users\user\Downloads\madFlac-1.10\madFlac-1.10
Task: {50771890-5DC9-4BCE-B384-581782A2C39F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-03] (COMODO)
Task: {78EC6BEC-5F03-4985-BB5E-FF60E22E0F0D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)
Task: {8ACA7172-1ADF-4F1D-A4D6-86C9B8498852} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\update.exe [2011-12-12] (PC Tools)
Task: {B3A69E1D-9F53-4084-82DA-28230B656AFD} - System32\Tasks\Amazon Music Helper => C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe

==================== Loaded Modules (whitelisted) ==============

2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-02-15 01:40 - 2015-02-15 01:40 - 00381440 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\unins000.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3226483179-4034785836-799415362-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\user\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3226483179-4034785836-799415362-500 - Administrator - Disabled)
Guest (S-1-5-21-3226483179-4034785836-799415362-501 - Limited - Disabled)
user (S-1-5-21-3226483179-4034785836-799415362-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: pcouffin device ...
Description: pcouffin device ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2015 07:59:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: upnphost.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb29
Exception code: 0xc0000005
Fault offset: 0x00001545
Faulting process id: 0xcd8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/30/2015 05:34:42 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/29/2015 01:40:07 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/28/2015 04:38:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.1.5542, time stamp: 0x54f851c0
Faulting module name: mozalloc.dll, version: 36.0.1.5542, time stamp: 0x54f8437e
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x3b4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (03/26/2015 01:45:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: upnphost.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb29
Exception code: 0xc0000005
Fault offset: 0x00001545
Faulting process id: 0xe1c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/24/2015 10:18:19 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/22/2015 00:49:51 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume C:\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (03/22/2015 00:49:51 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
Error context: DeviceIoControl(\\?\Volume{a73fc95e-da8a-11e3-b61a-806e6f6e6963} - 0000000000000268,0x0053c010,0000000000362020,0,0000000000360000,4096,[0]).


Operation:
   Committing shadow copies

Context:
   Execution Context: System Provider

Error: (03/21/2015 06:14:07 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/15/2015 11:17:20 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


System errors:
=============
Error: (04/02/2015 03:27:10 PM) (Source: Service Control Manager) (EventID: 7017) (User: )
Description: Detected circular dependencies demand starting Windows Audio Endpoint Builder. Check the service dependency tree.

Error: (04/02/2015 03:27:10 PM) (Source: Service Control Manager) (EventID: 7019) (User: )
Description: The Windows Audio Endpoint Builder service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.

Error: (04/02/2015 03:26:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/02/2015 03:01:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
%%1062

Error: (04/02/2015 03:01:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Computer Browser service terminated with service-specific error %%2184.

Error: (04/02/2015 03:01:29 PM) (Source: BROWSER) (EventID: 8017) (User: )
Description: The browser has failed to start because the dependent service LanmanServer had invalid service status 3.
Status             Meaning
  1              Service Stopped

  2              Start Pending

  3              Stop Pending

  4              Running

  5              Continue Pending

  6              Pause Pending

  7              Paused

Error: (04/02/2015 03:00:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%13

Error: (04/02/2015 03:00:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
%%1062

Error: (04/02/2015 03:00:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (04/02/2015 03:00:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%1062


Microsoft Office Sessions:
=========================
Error: (03/31/2015 07:59:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100upnphost.dll6.1.7600.163854a5bdb29c000000500001545cd801d06be4db7e6c62C:\Windows\SysWOW64\svchost.exec:\windows\system32\upnphost.dll1f84c31d-d7d8-11e4-9c40-001bfc6fe062

Error: (03/30/2015 05:34:42 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/29/2015 01:40:07 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/28/2015 04:38:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e023b401d0696c530adbf8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll723b78de-d560-11e4-ba5d-001bfc6fe062

Error: (03/26/2015 01:45:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100upnphost.dll6.1.7600.163854a5bdb29c000000500001545e1c01d0675e3181270aC:\Windows\SysWOW64\svchost.exec:\windows\system32\upnphost.dll748b6e50-d351-11e4-ad51-001bfc6fe062

Error: (03/24/2015 10:18:19 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/22/2015 00:49:51 PM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, The operation completed successfully.
0x00000000, The operation completed successfully.
0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
0x00000000, The operation completed successfully.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (03/22/2015 00:49:51 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{a73fc95e-da8a-11e3-b61a-806e6f6e6963} - 0000000000000268,0x0053c010,0000000000362020,0,0000000000360000,4096,[0])

Operation:
   Committing shadow copies

Context:
   Execution Context: System Provider

Error: (03/21/2015 06:14:07 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (03/15/2015 11:17:20 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
   at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)


CodeIntegrity Errors:
===================================
  Date: 2014-12-13 17:16:04.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdvrt64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-13 16:57:12.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdvrt64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 43%
Total physical RAM: 3071.24 MB
Available physical RAM: 1747.08 MB
Total Pagefile: 6140.67 MB
Available Pagefile: 4552.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:221.17 GB) (Free:153.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:113.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 612C6EEB)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=17)
Partition 2: (Active) - (Size=221.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello fireberd,

Firstly please uninstall the following adware program:

FLVPlayer4Free

After that

I see you have Comodo, Avira, Spybot Search & Destroy and SUPERAntiSpyware on your machine. I wonder if you have a conflict going on. If it were me I would uninstall Comodo and Spybot Search and Destroy. In any event you should disable Comodo before using the TDSSKiller tool outlined below.

Next

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Then click on Change parameters in TDSSKiller.
  • Another window will appear.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

 



#5
fireberd

    Member

  • Topic Starter
  • 15 posts

Ran the TDSS scan, 430 objects but no threats - I didn't get the dialog box that had the 'skip' options, though.

 

I did get this dialog when I clicked on 'loaded modules' so left that unchecked - was this correct or do I need to follow that instruction?
 

 

TDSS 2.jpg

 

 

11:04:56.0740 0x0c20  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:05:02.0961 0x0c20  ============================================================
11:05:02.0961 0x0c20  Current date / time: 2015/04/03 11:05:02.0961
11:05:02.0961 0x0c20  SystemInfo:
11:05:02.0961 0x0c20  
11:05:02.0961 0x0c20  OS Version: 6.1.7601 ServicePack: 1.0
11:05:02.0961 0x0c20  Product type: Workstation
11:05:02.0961 0x0c20  ComputerName: USER-PC
11:05:02.0961 0x0c20  UserName: user
11:05:02.0961 0x0c20  Windows directory: C:\Windows
11:05:02.0961 0x0c20  System windows directory: C:\Windows
11:05:02.0961 0x0c20  Running under WOW64
11:05:02.0961 0x0c20  Processor architecture: Intel x64
11:05:02.0961 0x0c20  Number of processors: 2
11:05:02.0961 0x0c20  Page size: 0x1000
11:05:02.0961 0x0c20  Boot type: Normal boot
11:05:02.0961 0x0c20  ============================================================
11:05:04.0311 0x0c20  KLMD registered as C:\Windows\system32\drivers\31060586.sys
11:05:04.0555 0x0c20  System UUID: {6ED785E6-F0A1-1A4B-1E4A-671F6E0AF68D}
11:05:05.0091 0x0c20  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:05:05.0095 0x0c20  Drive \Device\Harddisk1\DR1 - Size: 0x746EC00000 ( 465.73 Gb ), SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:05:05.0097 0x0c20  ============================================================
11:05:05.0097 0x0c20  \Device\Harddisk0\DR0:
11:05:05.0097 0x0c20  MBR partitions:
11:05:05.0097 0x0c20  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x1BA54800
11:05:05.0097 0x0c20  \Device\Harddisk1\DR1:
11:05:05.0097 0x0c20  MBR partitions:
11:05:05.0097 0x0c20  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A375800
11:05:05.0097 0x0c20  ============================================================
11:05:05.0126 0x0c20  C: <-> \Device\Harddisk0\DR0\Partition1
11:05:05.0450 0x0c20  F: <-> \Device\Harddisk1\DR1\Partition1
11:05:05.0450 0x0c20  ============================================================
11:05:05.0450 0x0c20  Initialize success
11:05:05.0450 0x0c20  ============================================================
11:05:34.0905 0x0d5c  ============================================================
11:05:34.0905 0x0d5c  Scan started
11:05:34.0905 0x0d5c  Mode: Manual; SigCheck; TDLFS;
11:05:34.0905 0x0d5c  ============================================================
11:05:34.0905 0x0d5c  KSN ping started
11:05:37.0296 0x0d5c  KSN ping finished: true
11:05:38.0054 0x0d5c  ================ Scan system memory ========================
11:05:38.0054 0x0d5c  System memory - ok
11:05:38.0054 0x0d5c  ================ Scan services =============================
11:05:38.0983 0x0d5c  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
11:05:41.0318 0x0d5c  Detect skipped due to KSN trusted
11:05:41.0318 0x0d5c  Adobe LM Service - ok
11:05:42.0321 0x0d5c  AmdK8 - ok
11:05:42.0353 0x0d5c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:05:42.0431 0x0d5c  AmdPPM - ok
11:05:42.0477 0x0d5c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:05:42.0509 0x0d5c  amdsata - ok
11:05:42.0540 0x0d5c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:05:42.0571 0x0d5c  amdsbs - ok
11:05:42.0587 0x0d5c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:05:42.0618 0x0d5c  amdxata - ok
11:05:42.0727 0x0d5c  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:05:42.0758 0x0d5c  AntiVirSchedulerService - ok
11:05:42.0805 0x0d5c  [ 624D29E2D70F83147A79043FD0024D1D, 8B9D4692529155893E3E73E2CF1B0A36354C7032C9524FDCBC5D57562F7F0342 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:05:42.0821 0x0d5c  AntiVirService - ok
11:05:42.0883 0x0d5c  [ 18ECEDC2E65953474DA39DDC259C801A, 68E15448C4DC004C065BB17F2C4A934F94271E4DF09B58BFFEF59247F59679A9 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
11:05:43.0008 0x0d5c  AntiVirWebService - ok
11:05:43.0070 0x0d5c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
11:05:43.0117 0x0d5c  AppID - ok
11:05:43.0148 0x0d5c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:05:43.0195 0x0d5c  AppIDSvc - ok
11:05:43.0257 0x0d5c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
11:05:43.0304 0x0d5c  Appinfo - ok
11:05:43.0351 0x0d5c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:05:43.0382 0x0d5c  arc - ok
11:05:43.0398 0x0d5c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:05:43.0429 0x0d5c  arcsas - ok
11:05:43.0554 0x0d5c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:05:43.0585 0x0d5c  aspnet_state - ok
11:05:43.0616 0x0d5c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:05:43.0647 0x0d5c  AsyncMac - ok
11:05:43.0694 0x0d5c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:05:43.0710 0x0d5c  atapi - ok
11:05:43.0757 0x0d5c  [ 940E5B876251E04FFFE058AD71FE0F1C, 289E5E826848E77B509AC696CF0286D94D8C7471A05FCDBC845C797803FD34F5 ] AtcL001         C:\Windows\system32\DRIVERS\l160x64.sys
11:05:43.0819 0x0d5c  AtcL001 - ok
11:05:44.0053 0x0d5c  [ 3EFD964D52221360AF0673CD61C2F4F5, 76D636CAF2E4FEDAAC6B0D958865A901340CF836EE4FCE59F1D5291E3BEC9F1E ] atikmdag        C:\Windows\system32\drivers\atikmdag.sys
11:05:44.0381 0x0d5c  atikmdag - ok
11:05:44.0459 0x0d5c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:05:44.0521 0x0d5c  AudioEndpointBuilder - ok
11:05:44.0568 0x0d5c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:05:44.0599 0x0d5c  AudioSrv - ok
11:05:44.0661 0x0d5c  [ 00BF66D168E1A7AA7E1C9F458BBA0B34, 3D3C42E87B3649819EED685D93417D61EB84FE39B3F4D4943721AE74026DE11B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:05:44.0677 0x0d5c  avgntflt - ok
11:05:44.0708 0x0d5c  [ 055D318220DD4593F2A8C8FF83707D36, 93566931D019D4D4C35C3E2E4E9BAF87BEF863E1B40B2B03ED87EF5C28F908DE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:05:44.0739 0x0d5c  avipbb - ok
11:05:44.0817 0x0d5c  [ 8E6214E8C6100222BEB6A14F9B908A7E, 268279AE0D87E4B1CC227355DF12B7E8113F8355B1D20447AA723830D706021A ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
11:05:44.0833 0x0d5c  Avira.OE.ServiceHost - ok
11:05:44.0864 0x0d5c  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:05:44.0880 0x0d5c  avkmgr - ok
11:05:44.0942 0x0d5c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:05:44.0989 0x0d5c  AxInstSV - ok
11:05:45.0051 0x0d5c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
11:05:45.0129 0x0d5c  b06bdrv - ok
11:05:45.0176 0x0d5c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:05:45.0239 0x0d5c  b57nd60a - ok
11:05:45.0285 0x0d5c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:05:45.0317 0x0d5c  BDESVC - ok
11:05:45.0348 0x0d5c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:05:45.0410 0x0d5c  Beep - ok
11:05:45.0488 0x0d5c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
11:05:45.0551 0x0d5c  BFE - ok
11:05:45.0629 0x0d5c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
11:05:45.0847 0x0d5c  BITS - ok
11:05:45.0863 0x0d5c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:05:45.0909 0x0d5c  blbdrive - ok
11:05:45.0941 0x0d5c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:05:45.0987 0x0d5c  bowser - ok
11:05:46.0034 0x0d5c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:05:46.0081 0x0d5c  BrFiltLo - ok
11:05:46.0097 0x0d5c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:05:46.0128 0x0d5c  BrFiltUp - ok
11:05:46.0143 0x0d5c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
11:05:46.0206 0x0d5c  Browser - ok
11:05:46.0221 0x0d5c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:05:46.0284 0x0d5c  Brserid - ok
11:05:46.0299 0x0d5c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:05:46.0346 0x0d5c  BrSerWdm - ok
11:05:46.0362 0x0d5c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:05:46.0393 0x0d5c  BrUsbMdm - ok
11:05:46.0409 0x0d5c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:05:46.0440 0x0d5c  BrUsbSer - ok
11:05:46.0471 0x0d5c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:05:46.0502 0x0d5c  BTHMODEM - ok
11:05:46.0549 0x0d5c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
11:05:46.0611 0x0d5c  bthserv - ok
11:05:46.0689 0x0d5c  [ 6E1641724439E18CE55ADEE2D347AA19, 07368E91035C6EAE5CBF5515C895E43AA6EE2D7261AA984414F0A4B8C7E5096C ] CamDrL64        C:\Windows\system32\DRIVERS\CamDrL64.sys
11:05:46.0736 0x0d5c  CamDrL64 - ok
11:05:46.0752 0x0d5c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:05:46.0814 0x0d5c  cdfs - ok
11:05:46.0877 0x0d5c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:05:46.0923 0x0d5c  cdrom - ok
11:05:46.0970 0x0d5c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:05:47.0033 0x0d5c  CertPropSvc - ok
11:05:47.0079 0x0d5c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:05:47.0111 0x0d5c  circlass - ok
11:05:47.0157 0x0d5c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
11:05:47.0189 0x0d5c  CLFS - ok
11:05:47.0267 0x0d5c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:05:47.0298 0x0d5c  clr_optimization_v2.0.50727_32 - ok
11:05:47.0345 0x0d5c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:05:47.0376 0x0d5c  clr_optimization_v2.0.50727_64 - ok
11:05:47.0469 0x0d5c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:05:47.0501 0x0d5c  clr_optimization_v4.0.30319_32 - ok
11:05:47.0547 0x0d5c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:05:47.0563 0x0d5c  clr_optimization_v4.0.30319_64 - ok
11:05:47.0594 0x0d5c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:05:47.0641 0x0d5c  CmBatt - ok
11:05:47.0969 0x0d5c  [ 4B0B521708BD95FFD393DC06D420DD81, 9DE650F5A7A45AE501FD2BDA41EB89E0F9216FE586FF1B038C680AF4F0152F2E ] CmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
11:05:48.0187 0x0d5c  CmdAgent - ok
11:05:48.0234 0x0d5c  [ D64C607BE0A8DDDFF0237961655078CD, B648710E2D96C9488542847683EF07F82D2889AF89A41E7D5740184E1C09D84A ] cmderd          C:\Windows\system32\DRIVERS\cmderd.sys
11:05:48.0265 0x0d5c  cmderd - ok
11:05:48.0296 0x0d5c  [ E6C82A953BFAB6258E7C8E41139DE396, 332C5F0678D4AF06D9558F352F30E050B5DC95CF88A12269CDAF43FD9DC3C889 ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
11:05:48.0343 0x0d5c  cmdGuard - ok
11:05:48.0359 0x0d5c  [ 9453D5C985DF742641E78D031D119DD4, 0ACAB0BE5657C4383A025534297234F5B76829FECB9B8654C4407B0061B00386 ] cmdHlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
11:05:48.0374 0x0d5c  cmdHlp - ok
11:05:48.0421 0x0d5c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:05:48.0452 0x0d5c  cmdide - ok
11:05:48.0561 0x0d5c  [ 0A8C3F0188ABD6F7864D010AF9A340DA, 6D6F3A19649720246C804A9FFE87CAE592FB70BB225BFE44AD3840F0CAE78F7D ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
11:05:48.0702 0x0d5c  cmdvirth - ok
11:05:48.0764 0x0d5c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
11:05:48.0842 0x0d5c  CNG - ok
11:05:48.0889 0x0d5c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:05:48.0905 0x0d5c  Compbatt - ok
11:05:48.0983 0x0d5c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:05:49.0045 0x0d5c  CompositeBus - ok
11:05:49.0061 0x0d5c  COMSysApp - ok
11:05:49.0061 0x0d5c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:05:49.0092 0x0d5c  crcdisk - ok
11:05:49.0139 0x0d5c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:05:49.0201 0x0d5c  CryptSvc - ok
11:05:49.0263 0x0d5c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:05:49.0341 0x0d5c  DcomLaunch - ok
11:05:49.0373 0x0d5c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
11:05:49.0451 0x0d5c  defragsvc - ok
11:05:49.0513 0x0d5c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:05:49.0575 0x0d5c  DfsC - ok
11:05:49.0622 0x0d5c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:05:49.0685 0x0d5c  Dhcp - ok
11:05:49.0700 0x0d5c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
11:05:49.0763 0x0d5c  discache - ok
11:05:49.0794 0x0d5c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:05:49.0825 0x0d5c  Disk - ok
11:05:49.0965 0x0d5c  [ 1BF61DEC44535EFE98FF20C20BDFF6C2, A34E8B4F7D1F14BFC08D050547A88E98ADD63745516D685514434B34A92289FB ] Diskeeper       C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
11:05:50.0043 0x0d5c  Diskeeper - ok
11:05:50.0075 0x0d5c  [ 7297CDE753955F45070D38FEC52C9705, 85E25BD9C8A79CF2FBA2305D835E497DFD6263B6942A0743C55B55D68EBB4DEE ] DKRtWrt         C:\Windows\system32\DRIVERS\DKRtWrt.sys
11:05:50.0106 0x0d5c  DKRtWrt - ok
11:05:50.0121 0x0d5c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:05:50.0184 0x0d5c  Dnscache - ok
11:05:50.0231 0x0d5c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:05:50.0309 0x0d5c  dot3svc - ok
11:05:50.0371 0x0d5c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
11:05:50.0418 0x0d5c  DPS - ok
11:05:50.0465 0x0d5c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:05:50.0527 0x0d5c  drmkaud - ok
11:05:50.0589 0x0d5c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:05:50.0636 0x0d5c  DXGKrnl - ok
11:05:50.0667 0x0d5c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
11:05:50.0745 0x0d5c  EapHost - ok
11:05:50.0901 0x0d5c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
11:05:51.0089 0x0d5c  ebdrv - ok
11:05:51.0151 0x0d5c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS             C:\Windows\System32\lsass.exe
11:05:51.0182 0x0d5c  EFS - ok
11:05:51.0276 0x0d5c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:05:51.0354 0x0d5c  ehRecvr - ok
11:05:51.0385 0x0d5c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
11:05:51.0432 0x0d5c  ehSched - ok
11:05:51.0479 0x0d5c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:05:51.0541 0x0d5c  elxstor - ok
11:05:51.0572 0x0d5c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:05:51.0603 0x0d5c  ErrDev - ok
11:05:51.0681 0x0d5c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
11:05:51.0744 0x0d5c  EventSystem - ok
11:05:51.0791 0x0d5c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
11:05:51.0869 0x0d5c  exfat - ok
11:05:51.0884 0x0d5c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:05:51.0962 0x0d5c  fastfat - ok
11:05:52.0040 0x0d5c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
11:05:52.0118 0x0d5c  Fax - ok
11:05:52.0134 0x0d5c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:05:52.0181 0x0d5c  fdc - ok
11:05:52.0196 0x0d5c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
11:05:52.0259 0x0d5c  fdPHost - ok
11:05:52.0290 0x0d5c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:05:52.0352 0x0d5c  FDResPub - ok
11:05:52.0368 0x0d5c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:05:52.0399 0x0d5c  FileInfo - ok
11:05:52.0430 0x0d5c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:05:52.0493 0x0d5c  Filetrace - ok
11:05:52.0508 0x0d5c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:05:52.0524 0x0d5c  flpydisk - ok
11:05:52.0586 0x0d5c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:05:52.0617 0x0d5c  FltMgr - ok
11:05:52.0727 0x0d5c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
11:05:52.0820 0x0d5c  FontCache - ok
11:05:52.0883 0x0d5c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:05:52.0914 0x0d5c  FontCache3.0.0.0 - ok
11:05:52.0945 0x0d5c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:05:52.0976 0x0d5c  FsDepends - ok
11:05:52.0992 0x0d5c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:05:53.0023 0x0d5c  Fs_Rec - ok
11:05:53.0070 0x0d5c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:05:53.0101 0x0d5c  fvevol - ok
11:05:53.0117 0x0d5c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:05:53.0148 0x0d5c  gagp30kx - ok
11:05:53.0226 0x0d5c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:05:53.0319 0x0d5c  gpsvc - ok
11:05:53.0335 0x0d5c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:05:53.0382 0x0d5c  hcw85cir - ok
11:05:53.0413 0x0d5c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:05:53.0460 0x0d5c  HDAudBus - ok
11:05:53.0475 0x0d5c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:05:53.0507 0x0d5c  HidBatt - ok
11:05:53.0522 0x0d5c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:05:53.0569 0x0d5c  HidBth - ok
11:05:53.0569 0x0d5c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:05:53.0600 0x0d5c  HidIr - ok
11:05:53.0647 0x0d5c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
11:05:53.0694 0x0d5c  hidserv - ok
11:05:53.0756 0x0d5c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:05:53.0803 0x0d5c  HidUsb - ok
11:05:53.0850 0x0d5c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:05:53.0912 0x0d5c  hkmsvc - ok
11:05:53.0959 0x0d5c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:05:54.0021 0x0d5c  HomeGroupListener - ok
11:05:54.0068 0x0d5c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:05:54.0115 0x0d5c  HomeGroupProvider - ok
11:05:54.0162 0x0d5c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:05:54.0193 0x0d5c  HpSAMD - ok
11:05:54.0271 0x0d5c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:05:54.0333 0x0d5c  HTTP - ok
11:05:54.0380 0x0d5c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:05:54.0396 0x0d5c  hwpolicy - ok
11:05:54.0458 0x0d5c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:05:54.0489 0x0d5c  i8042prt - ok
11:05:54.0552 0x0d5c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:05:54.0599 0x0d5c  iaStorV - ok
11:05:54.0692 0x0d5c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:05:54.0801 0x0d5c  idsvc - ok
11:05:54.0817 0x0d5c  IEEtwCollectorService - ok
11:05:54.0848 0x0d5c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:05:54.0864 0x0d5c  iirsp - ok
11:05:54.0942 0x0d5c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
11:05:55.0067 0x0d5c  IKEEXT - ok
11:05:55.0098 0x0d5c  [ 1B4F8A2D0E5019AA8BCC04DA561D7ED4, B3AF022C1BE206E59A0806E708AC437894D10D6E0E2DD119460685B62B4DA4E6 ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
11:05:55.0113 0x0d5c  inspect - ok
11:05:55.0301 0x0d5c  [ 39246F2CFBF1D32C3A12E242661EC039, EADF06D9B142844C16C2B0E412D708DB02BA07E2CD96BBFB2F0984DD6BB63E28 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:05:55.0425 0x0d5c  IntcAzAudAddService - ok
11:05:55.0472 0x0d5c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:05:55.0503 0x0d5c  intelide - ok
11:05:55.0519 0x0d5c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:05:55.0597 0x0d5c  intelppm - ok
11:05:55.0628 0x0d5c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:05:55.0784 0x0d5c  IPBusEnum - ok
11:05:55.0847 0x0d5c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:05:55.0909 0x0d5c  IpFilterDriver - ok
11:05:55.0971 0x0d5c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:05:56.0049 0x0d5c  iphlpsvc - ok
11:05:56.0081 0x0d5c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:05:56.0127 0x0d5c  IPMIDRV - ok
11:06:11.0493 0x0d5c  srv2 - ok
11:06:11.0525 0x0d5c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:06:11.0556 0x0d5c  srvnet - ok
11:06:11.0587 0x0d5c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:06:11.0665 0x0d5c  SSDPSRV - ok
11:06:11.0696 0x0d5c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:06:11.0743 0x0d5c  SstpSvc - ok
11:06:11.0774 0x0d5c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:06:11.0805 0x0d5c  stexstor - ok
11:06:11.0868 0x0d5c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
11:06:11.0961 0x0d5c  stisvc - ok
11:06:11.0993 0x0d5c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:06:12.0024 0x0d5c  swenum - ok
11:06:12.0055 0x0d5c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
11:06:12.0149 0x0d5c  swprv - ok
11:06:12.0258 0x0d5c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
11:06:12.0429 0x0d5c  SysMain - ok
11:06:12.0476 0x0d5c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:06:12.0507 0x0d5c  TabletInputService - ok
11:06:12.0570 0x0d5c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:06:12.0648 0x0d5c  TapiSrv - ok
11:06:12.0663 0x0d5c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
11:06:12.0726 0x0d5c  TBS - ok
11:06:12.0835 0x0d5c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:06:12.0991 0x0d5c  Tcpip - ok
11:06:13.0085 0x0d5c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:06:13.0147 0x0d5c  TCPIP6 - ok
11:06:13.0209 0x0d5c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:06:13.0225 0x0d5c  tcpipreg - ok
11:06:13.0256 0x0d5c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:06:13.0303 0x0d5c  TDPIPE - ok
11:06:13.0334 0x0d5c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:06:13.0365 0x0d5c  TDTCP - ok
11:06:13.0428 0x0d5c  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:06:13.0475 0x0d5c  tdx - ok
11:06:13.0521 0x0d5c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:06:13.0537 0x0d5c  TermDD - ok
11:06:13.0615 0x0d5c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
11:06:13.0693 0x0d5c  TermService - ok
11:06:13.0709 0x0d5c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
11:06:13.0755 0x0d5c  Themes - ok
11:06:13.0787 0x0d5c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
11:06:13.0833 0x0d5c  THREADORDER - ok
11:06:13.0849 0x0d5c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
11:06:13.0927 0x0d5c  TrkWks - ok
11:06:13.0989 0x0d5c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:06:14.0083 0x0d5c  TrustedInstaller - ok
11:06:14.0145 0x0d5c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:06:14.0161 0x0d5c  tssecsrv - ok
11:06:14.0223 0x0d5c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:06:14.0255 0x0d5c  TsUsbFlt - ok
11:06:14.0317 0x0d5c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:06:14.0379 0x0d5c  tunnel - ok
11:06:14.0411 0x0d5c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:06:14.0442 0x0d5c  uagp35 - ok
11:06:14.0489 0x0d5c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:06:14.0567 0x0d5c  udfs - ok
11:06:14.0598 0x0d5c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:06:14.0629 0x0d5c  UI0Detect - ok
11:06:14.0645 0x0d5c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:06:14.0676 0x0d5c  uliagpkx - ok
11:06:14.0707 0x0d5c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:06:14.0738 0x0d5c  umbus - ok
11:06:14.0754 0x0d5c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:06:14.0801 0x0d5c  UmPass - ok
11:06:14.0847 0x0d5c  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
11:06:14.0879 0x0d5c  UnlockerDriver5 - ok
11:06:14.0910 0x0d5c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
11:06:14.0988 0x0d5c  upnphost - ok
11:06:15.0035 0x0d5c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:06:15.0081 0x0d5c  usbaudio - ok
11:06:15.0113 0x0d5c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:06:15.0159 0x0d5c  usbccgp - ok
11:06:15.0222 0x0d5c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:06:15.0253 0x0d5c  usbcir - ok
11:06:15.0284 0x0d5c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:06:15.0315 0x0d5c  usbehci - ok
11:06:15.0362 0x0d5c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:06:15.0409 0x0d5c  usbhub - ok
11:06:15.0440 0x0d5c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:06:15.0471 0x0d5c  usbohci - ok
11:06:15.0487 0x0d5c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:06:15.0534 0x0d5c  usbprint - ok
11:06:15.0549 0x0d5c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:06:15.0581 0x0d5c  USBSTOR - ok
11:06:15.0596 0x0d5c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:06:15.0612 0x0d5c  usbuhci - ok
11:06:15.0643 0x0d5c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
11:06:15.0721 0x0d5c  UxSms - ok
11:06:15.0737 0x0d5c  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc        C:\Windows\system32\lsass.exe
11:06:15.0752 0x0d5c  VaultSvc - ok
11:06:15.0768 0x0d5c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:06:15.0799 0x0d5c  vdrvroot - ok
11:06:15.0861 0x0d5c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
11:06:15.0939 0x0d5c  vds - ok
11:06:15.0971 0x0d5c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:06:16.0002 0x0d5c  vga - ok
11:06:16.0002 0x0d5c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:06:16.0064 0x0d5c  VgaSave - ok
11:06:16.0111 0x0d5c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:06:16.0158 0x0d5c  vhdmp - ok
11:06:16.0189 0x0d5c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:06:16.0220 0x0d5c  viaide - ok
11:06:16.0236 0x0d5c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:06:16.0267 0x0d5c  volmgr - ok
11:06:16.0314 0x0d5c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:06:16.0345 0x0d5c  volmgrx - ok
11:06:16.0376 0x0d5c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:06:16.0423 0x0d5c  volsnap - ok
11:06:16.0454 0x0d5c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:06:16.0485 0x0d5c  vsmraid - ok
11:06:16.0579 0x0d5c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
11:06:16.0751 0x0d5c  VSS - ok
11:06:16.0782 0x0d5c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:06:16.0829 0x0d5c  vwifibus - ok
11:06:16.0875 0x0d5c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
11:06:16.0953 0x0d5c  W32Time - ok
11:06:17.0000 0x0d5c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:06:17.0016 0x0d5c  WacomPen - ok
11:06:17.0047 0x0d5c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:06:17.0094 0x0d5c  WANARP - ok
11:06:17.0109 0x0d5c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:06:17.0156 0x0d5c  Wanarpv6 - ok
11:06:17.0219 0x0d5c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:06:17.0297 0x0d5c  WatAdminSvc - ok
11:06:17.0390 0x0d5c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
11:06:17.0515 0x0d5c  wbengine - ok
11:06:17.0546 0x0d5c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:06:17.0609 0x0d5c  WbioSrvc - ok
11:06:17.0655 0x0d5c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:06:17.0718 0x0d5c  wcncsvc - ok
11:06:17.0733 0x0d5c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:06:17.0780 0x0d5c  WcsPlugInService - ok
11:06:17.0780 0x0d5c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:06:17.0811 0x0d5c  Wd - ok
11:06:17.0843 0x0d5c  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
11:06:17.0905 0x0d5c  WDC_SAM - ok
11:06:17.0967 0x0d5c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:06:18.0061 0x0d5c  Wdf01000 - ok
11:06:18.0108 0x0d5c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:06:18.0155 0x0d5c  WdiServiceHost - ok
11:06:18.0155 0x0d5c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:06:18.0186 0x0d5c  WdiSystemHost - ok
11:06:18.0233 0x0d5c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
11:06:18.0279 0x0d5c  WebClient - ok
11:06:18.0311 0x0d5c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:06:18.0389 0x0d5c  Wecsvc - ok
11:06:18.0404 0x0d5c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:06:18.0467 0x0d5c  wercplsupport - ok
11:06:18.0498 0x0d5c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:06:18.0576 0x0d5c  WerSvc - ok
11:06:18.0607 0x0d5c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:06:18.0654 0x0d5c  WfpLwf - ok
11:06:18.0669 0x0d5c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:06:18.0701 0x0d5c  WIMMount - ok
11:06:18.0716 0x0d5c  WinDefend - ok
11:06:18.0747 0x0d5c  WinHttpAutoProxySvc - ok
11:06:18.0810 0x0d5c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:06:18.0888 0x0d5c  Winmgmt - ok
11:06:19.0013 0x0d5c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
11:06:19.0169 0x0d5c  WinRM - ok
11:06:19.0262 0x0d5c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:06:19.0293 0x0d5c  WinUsb - ok
11:06:19.0340 0x0d5c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:06:19.0418 0x0d5c  Wlansvc - ok
11:06:19.0605 0x0d5c  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:06:19.0761 0x0d5c  wlidsvc - ok
11:06:19.0808 0x0d5c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:06:19.0824 0x0d5c  WmiAcpi - ok
11:06:19.0855 0x0d5c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:06:19.0902 0x0d5c  wmiApSrv - ok
11:06:19.0917 0x0d5c  WMPNetworkSvc - ok
11:06:19.0949 0x0d5c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:06:19.0980 0x0d5c  WPCSvc - ok
11:06:20.0011 0x0d5c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:06:20.0058 0x0d5c  WPDBusEnum - ok
11:06:20.0073 0x0d5c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:06:20.0120 0x0d5c  ws2ifsl - ok
11:06:20.0151 0x0d5c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
11:06:20.0198 0x0d5c  wscsvc - ok
11:06:20.0198 0x0d5c  WSearch - ok
11:06:20.0323 0x0d5c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:06:20.0448 0x0d5c  wuauserv - ok
11:06:20.0479 0x0d5c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:06:20.0495 0x0d5c  WudfPf - ok
11:06:20.0526 0x0d5c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:06:20.0557 0x0d5c  WUDFRd - ok
11:06:20.0588 0x0d5c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:06:20.0619 0x0d5c  wudfsvc - ok
11:06:20.0682 0x0d5c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:06:20.0729 0x0d5c  WwanSvc - ok
11:06:20.0760 0x0d5c  ================ Scan global ===============================
11:06:20.0775 0x0d5c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
11:06:20.0838 0x0d5c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:06:20.0869 0x0d5c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
11:06:20.0885 0x0d5c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:06:20.0931 0x0d5c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
11:06:20.0947 0x0d5c  [ Global ] - ok
11:06:20.0947 0x0d5c  ================ Scan MBR ==================================
11:06:20.0978 0x0d5c  [ BD4E9B2E7E9FDEAB4085200CC32AD634 ] \Device\Harddisk0\DR0
11:06:21.0587 0x0d5c  \Device\Harddisk0\DR0 - ok
11:06:21.0587 0x0d5c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
11:06:21.0992 0x0d5c  \Device\Harddisk1\DR1 - ok
11:06:21.0992 0x0d5c  ================ Scan VBR ==================================
11:06:21.0992 0x0d5c  [ E45A4B54CF69536DF9BE39555B93BAC9 ] \Device\Harddisk0\DR0\Partition1
11:06:21.0992 0x0d5c  \Device\Harddisk0\DR0\Partition1 - ok
11:06:21.0992 0x0d5c  [ 28C0133A2B041992098312F4A4479E81 ] \Device\Harddisk1\DR1\Partition1
11:06:22.0070 0x0d5c  \Device\Harddisk1\DR1\Partition1 - ok
11:06:22.0070 0x0d5c  ================ Scan generic autorun ======================
11:06:22.0632 0x0d5c  [ 47D99FEC44A9E082B2D761AB5A938CA8, FF8CAD5CD331A7DAFAA616C530F500E74663EC86BB832032D2EFD3F77EBF75FF ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11:06:22.0975 0x0d5c  RTHDVCPL - ok
11:06:23.0100 0x0d5c  [ 5DADB84EBBF4EEA44777BE8F9D274B9C, C0B317493438EDACE8F11964FEB37AEA132296A067CAC531998346DE92CEA2C3 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
11:06:23.0147 0x0d5c  COMODO Internet Security - ok
11:06:23.0240 0x0d5c  [ 69B388D8F3085411D00F875FF5CBCAF6, 22F6DCF1E6D1DD28793CCDFE9FC33E737180BB3C5C65BE3BFA9C2522B6B6F66B ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
11:06:23.0271 0x0d5c  avgnt - ok
11:06:23.0334 0x0d5c  [ BB10E34B162FBEAE5636474A79026A0D, 700629C7497ED01E5B7DF99F0D8F56FF30BBA067ED65AC7A0D77B3765C596ECB ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
11:06:23.0349 0x0d5c  Avira Systray - ok
11:06:23.0459 0x0d5c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:06:23.0615 0x0d5c  Sidebar - ok
11:06:23.0646 0x0d5c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:06:23.0677 0x0d5c  mctadmin - ok
11:06:23.0708 0x0d5c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:06:23.0755 0x0d5c  Sidebar - ok
11:06:23.0771 0x0d5c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:06:23.0802 0x0d5c  mctadmin - ok
11:06:23.0802 0x0d5c  Waiting for KSN requests completion. In queue: 100
11:06:24.0816 0x0d5c  Waiting for KSN requests completion. In queue: 100
11:06:25.0830 0x0d5c  Waiting for KSN requests completion. In queue: 100
11:06:26.0969 0x0d5c  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x40000 ( disabled : updated )
11:06:26.0969 0x0d5c  FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.1.0.4426 ), 0x61010 ( enabled )
11:06:29.0355 0x0d5c  ============================================================
11:06:29.0355 0x0d5c  Scan finished
11:06:29.0355 0x0d5c  ============================================================
11:06:29.0355 0x0c3c  Detected object count: 0
11:06:29.0355 0x0c3c  Actual detected object count: 0
11:07:13.0472 0x0770  Deinitialize success
 


Edited by fireberd, 03 April 2015 - 04:27 AM.


#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Did you reboot? If not please do so.

After that

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.


#7
fireberd

    Member

  • Topic Starter
  • 15 posts

FSS log as requested:

 

Farbar Service Scanner Version: 17-01-2015
Ran by user (administrator) on 04-04-2015 at 11:33:09
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is OK.
The ImagePath of PlugPlay service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello fireberd,

 

I am not seeing malware jumping out at me to cause this.

 

There are errors there which a techie would be better placed to help you with.

 

Before you go to the technical section though we should make sure we have removed what we can in the way of baddies.

 

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next

 

Please download ADWCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

Click on Scan and follow the prompts. It may appear not to be doing anything; please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" message appears, just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the report button and copy and paste the contents in your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

 



#9
fireberd

    Member

  • Topic Starter
  • 15 posts

I was actually wondering if the problem of slow booting and audio not starting was a technical issue, rather than malware, because I noticed these lines in the additional log created by FRST64:

 

Error: (04/02/2015 03:27:10 PM) (Source: Service Control Manager) (EventID: 7017) (User: )
Description: Detected circular dependencies demand starting Windows Audio Endpoint Builder.
Check the service dependency tree.

Error: (04/02/2015 03:27:10 PM) (Source: Service Control Manager) (EventID: 7019) (User: )
Description: The Windows Audio Endpoint Builder service depends on a service in a group which
starts later. Change the order in the service dependency tree to ensure that
all services required to start this service are starting before this service is started.

 

However, here are the JRT and ADW logs:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by user on 05/04/2015 at 11:49:25.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fogqhnk3.default\user.js
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fogqhnk3.default\extensions\staged
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fogqhnk3.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/04/2015 at 12:08:28.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ADW generated two logs, one called [RO], one called [SO]

 

# AdwCleaner v4.200 - Logfile created 05/04/2015 at 12:10:47
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_4.200.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\users\user\Documents\Updater

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 en-GB)


-\\ Google Chrome v

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [831 bytes] - [05/04/2015 12:10:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [889 bytes] ##########

 

 

# AdwCleaner v4.200 - Logfile created 05/04/2015 at 12:11:59
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\users\user\Documents\Updater

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 en-GB)


-\\ Google Chrome v

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [967 bytes] - [05/04/2015 12:10:47]
AdwCleaner[S0].txt - [897 bytes] - [05/04/2015 12:11:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [955  bytes] ##########


 


#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

because I noticed these lines in the additional log created by FRST64:

 

Me too, and as I said a techie is better placed to deal with that. :)

 

One last one and after that, if there is still no progress I think it will be time for you to open a topic in the technical section.

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
 

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods. This is normal; just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

 


#11
fireberd

    Member

  • Topic Starter
  • 15 posts

Combofix log:

 

ComboFix 15-04-01.01 - user 06/04/2015  14:04:00.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3071.1888 [GMT 1:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: COMODO Firewall *Disabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Comodo Defense+ *Disabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-06 to 2015-04-06  )))))))))))))))))))))))))))))))
.
.
2015-04-06 13:14 . 2015-04-06 13:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-04-05 11:10 . 2015-04-05 11:12    --------    d-----w-    C:\AdwCleaner
2015-04-05 10:49 . 2015-04-05 10:49    --------    d-----w-    C:\RegBackup
2015-04-04 23:39 . 2015-04-04 23:39    --------    d-s---w-    c:\windows\system32\GWX
2015-04-04 23:39 . 2015-04-04 23:39    --------    d-s---w-    c:\windows\SysWow64\GWX
2015-04-04 13:41 . 2015-04-04 13:33    404480    ----a-w-    c:\windows\SysWow64\umpnpmgr.dll
2015-04-02 14:32 . 2015-04-02 14:35    --------    d-----w-    C:\FRST
2015-03-30 20:09 . 2015-03-30 20:09    295936    ----a-w-    c:\windows\SysWow64\appmgr.dll
2015-03-30 20:09 . 2015-03-30 20:09    --------    d-----w-    c:\windows\SysWow64\GPBAK
2015-03-30 20:09 . 2015-03-30 20:09    707354    ----a-w-    c:\windows\unins000.exe
2015-03-24 21:26 . 2015-03-24 21:26    943616    ----a-w-    c:\windows\system32\appraiser.dll
2015-03-24 21:26 . 2015-03-24 21:26    677888    ----a-w-    c:\windows\system32\generaltel.dll
2015-03-24 21:26 . 2015-03-24 21:26    30720    ----a-w-    c:\windows\system32\acmigration.dll
2015-03-24 21:26 . 2015-03-24 21:26    760832    ----a-w-    c:\windows\system32\invagent.dll
2015-03-24 21:26 . 2015-03-24 21:26    414720    ----a-w-    c:\windows\system32\devinv.dll
2015-03-24 21:26 . 2015-03-24 21:26    227328    ----a-w-    c:\windows\system32\aepdu.dll
2015-03-24 21:26 . 2015-03-24 21:26    192000    ----a-w-    c:\windows\system32\aepic.dll
2015-03-24 21:26 . 2015-03-24 21:26    1107456    ----a-w-    c:\windows\system32\aeinv.dll
2015-03-22 21:34 . 2015-04-01 14:37    --------    d-----w-    c:\users\user\AppData\Local\Amazon Music
2015-03-13 14:39 . 2015-03-13 14:39    372224    ----a-w-    c:\windows\system32\atmfd.dll
2015-03-13 14:39 . 2015-03-13 14:39    299008    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-03-13 14:39 . 2015-03-13 14:39    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-03-13 14:39 . 2015-03-13 14:39    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-03-13 14:39 . 2015-03-13 14:39    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-03-13 14:39 . 2015-03-13 14:39    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-03-13 14:39 . 2015-03-13 14:39    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-03-13 14:39 . 2015-03-13 14:39    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-03-13 14:39 . 2015-03-13 14:39    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-03-13 14:39 . 2015-03-13 14:39    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-03-13 14:39 . 2015-03-13 14:39    842240    ----a-w-    c:\windows\system32\blackbox.dll
2015-03-13 14:39 . 2015-03-13 14:39    744960    ----a-w-    c:\windows\SysWow64\blackbox.dll
2015-03-13 14:37 . 2015-03-13 14:37    215552    ----a-w-    c:\windows\system32\ubpm.dll
2015-03-13 14:36 . 2015-03-13 14:36    828928    ----a-w-    c:\windows\SysWow64\msctf.dll
2015-03-13 14:36 . 2015-03-13 14:36    1067520    ----a-w-    c:\windows\system32\msctf.dll
2015-03-13 14:36 . 2015-03-13 14:36    1424896    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2015-03-13 14:36 . 2015-03-13 14:36    1230848    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2015-03-13 14:29 . 2015-03-13 14:29    293032    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2015-03-13 14:29 . 2015-03-13 14:29    25021440    ----a-w-    c:\windows\system32\mshtml.dll
2015-03-13 14:29 . 2015-03-13 14:29    1016832    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-03-13 14:29 . 2015-03-13 14:29    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-03-13 14:29 . 2015-03-13 14:29    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2015-03-12 21:02 . 2015-03-12 21:02    --------    d-----w-    c:\program files (x86)\File Recovery
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-01 16:14 . 2014-12-14 17:15    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-30 20:09 . 2014-05-14 09:17    124928    ----a-w-    c:\windows\SysWow64\fde.dll
2015-03-30 20:09 . 2014-05-14 09:17    73728    ----a-w-    c:\windows\SysWow64\fdeploy.dll
2015-03-30 20:09 . 2009-07-13 23:38    566784    ----a-w-    c:\windows\SysWow64\gpedit.dll
2015-03-30 20:09 . 2009-07-13 23:34    199680    ----a-w-    c:\windows\SysWow64\gptext.dll
2015-03-11 23:00 . 2014-05-13 11:50    122905848    ----a-w-    c:\windows\system32\MRT.exe
2015-03-10 13:56 . 2014-06-02 16:13    128536    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2015-03-10 13:56 . 2014-06-02 16:13    28600    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2015-03-10 13:56 . 2014-06-02 16:13    132120    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2015-03-10 13:55 . 2014-06-03 08:40    44088    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2015-03-03 01:46 . 2015-03-03 01:46    77656    ----a-w-    c:\windows\system32\XAPOFX1_5.dll
2015-03-03 01:46 . 2015-03-03 01:46    74072    ----a-w-    c:\windows\SysWow64\XAPOFX1_5.dll
2015-03-03 01:46 . 2015-03-03 01:46    527192    ----a-w-    c:\windows\SysWow64\XAudio2_7.dll
2015-03-03 01:46 . 2015-03-03 01:46    518488    ----a-w-    c:\windows\system32\XAudio2_7.dll
2015-03-03 01:46 . 2015-03-03 01:46    239960    ----a-w-    c:\windows\SysWow64\xactengine3_7.dll
2015-03-03 01:46 . 2015-03-03 01:46    176984    ----a-w-    c:\windows\system32\xactengine3_7.dll
2015-03-03 01:46 . 2015-03-03 01:46    2526056    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2015-03-03 01:46 . 2015-03-03 01:46    2106216    ----a-w-    c:\windows\SysWow64\D3DCompiler_43.dll
2015-03-03 01:46 . 2015-03-03 01:46    1868128    ----a-w-    c:\windows\SysWow64\d3dcsx_43.dll
2015-03-03 01:46 . 2015-03-03 01:46    248672    ----a-w-    c:\windows\SysWow64\d3dx11_43.dll
2015-03-03 01:46 . 2015-03-03 01:46    470880    ----a-w-    c:\windows\SysWow64\d3dx10_43.dll
2015-03-03 01:46 . 2015-03-03 01:46    2401112    ----a-w-    c:\windows\system32\D3DX9_43.dll
2015-03-03 01:46 . 2015-03-03 01:46    1998168    ----a-w-    c:\windows\SysWow64\D3DX9_43.dll
2015-03-03 01:46 . 2015-03-03 01:46    74072    ----a-w-    c:\windows\SysWow64\XAPOFX1_4.dll
2015-03-03 01:46 . 2015-03-03 01:46    530776    ----a-w-    c:\windows\system32\XAudio2_6.dll
2015-03-03 01:46 . 2015-03-03 01:46    528216    ----a-w-    c:\windows\SysWow64\XAudio2_6.dll
2015-03-03 01:46 . 2015-03-03 01:46    238936    ----a-w-    c:\windows\SysWow64\xactengine3_6.dll
2015-03-03 01:46 . 2015-03-03 01:46    176984    ----a-w-    c:\windows\system32\xactengine3_6.dll
2015-03-03 01:46 . 2015-03-03 01:46    24920    ----a-w-    c:\windows\system32\X3DAudio1_7.dll
2015-03-03 01:46 . 2015-03-03 01:46    22360    ----a-w-    c:\windows\SysWow64\X3DAudio1_7.dll
2015-03-03 01:46 . 2015-03-03 01:46    517960    ----a-w-    c:\windows\system32\XAudio2_5.dll
2015-03-03 01:46 . 2015-03-03 01:46    515416    ----a-w-    c:\windows\SysWow64\XAudio2_5.dll
2015-03-03 01:46 . 2015-03-03 01:46    2582888    ----a-w-    c:\windows\system32\D3DCompiler_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    238936    ----a-w-    c:\windows\SysWow64\xactengine3_5.dll
2015-03-03 01:46 . 2015-03-03 01:46    1974616    ----a-w-    c:\windows\SysWow64\D3DCompiler_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    176968    ----a-w-    c:\windows\system32\xactengine3_5.dll
2015-03-03 01:46 . 2015-03-03 01:46    5554512    ----a-w-    c:\windows\system32\d3dcsx_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    5501792    ----a-w-    c:\windows\SysWow64\d3dcsx_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    285024    ----a-w-    c:\windows\system32\d3dx11_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    235344    ----a-w-    c:\windows\SysWow64\d3dx11_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    523088    ----a-w-    c:\windows\system32\d3dx10_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    453456    ----a-w-    c:\windows\SysWow64\d3dx10_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    2475352    ----a-w-    c:\windows\system32\D3DX9_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    1892184    ----a-w-    c:\windows\SysWow64\D3DX9_42.dll
2015-03-03 01:46 . 2015-03-03 01:46    520544    ----a-w-    c:\windows\system32\d3dx10_41.dll
2015-03-03 01:46 . 2015-03-03 01:46    2430312    ----a-w-    c:\windows\system32\D3DCompiler_41.dll
2015-03-03 01:46 . 2015-03-03 01:46    5425496    ----a-w-    c:\windows\system32\D3DX9_41.dll
2015-03-03 01:46 . 2015-03-03 01:46    4178264    ----a-w-    c:\windows\SysWow64\D3DX9_41.dll
2015-03-03 01:46 . 2015-03-03 01:46    73544    ----a-w-    c:\windows\system32\XAPOFX1_3.dll
2015-03-03 01:46 . 2015-03-03 01:46    521560    ----a-w-    c:\windows\system32\XAudio2_4.dll
2015-03-03 01:46 . 2015-03-03 01:46    69448    ----a-w-    c:\windows\SysWow64\XAPOFX1_3.dll
2015-03-03 01:46 . 2015-03-03 01:46    517448    ----a-w-    c:\windows\SysWow64\XAudio2_4.dll
2015-03-03 01:46 . 2015-03-03 01:45    174936    ----a-w-    c:\windows\system32\xactengine3_4.dll
2015-03-03 01:45 . 2015-03-03 01:45    24920    ----a-w-    c:\windows\system32\X3DAudio1_6.dll
2015-03-03 01:45 . 2015-03-03 01:45    235352    ----a-w-    c:\windows\SysWow64\xactengine3_4.dll
2015-03-03 01:45 . 2015-03-03 01:45    22360    ----a-w-    c:\windows\SysWow64\X3DAudio1_6.dll
2015-03-03 01:45 . 2015-03-03 01:45    519000    ----a-w-    c:\windows\system32\d3dx10_40.dll
2015-03-03 01:45 . 2015-03-03 01:45    452440    ----a-w-    c:\windows\SysWow64\d3dx10_40.dll
2015-03-03 01:45 . 2015-03-03 01:45    2605920    ----a-w-    c:\windows\system32\D3DCompiler_40.dll
2015-03-03 01:45 . 2015-03-03 01:45    2036576    ----a-w-    c:\windows\SysWow64\D3DCompiler_40.dll
2015-03-03 01:45 . 2015-03-03 01:45    5631312    ----a-w-    c:\windows\system32\D3DX9_40.dll
2015-03-03 01:45 . 2015-03-03 01:45    4379984    ----a-w-    c:\windows\SysWow64\D3DX9_40.dll
2015-03-03 01:45 . 2015-03-03 01:45    74576    ----a-w-    c:\windows\system32\XAPOFX1_2.dll
2015-03-03 01:45 . 2015-03-03 01:45    70992    ----a-w-    c:\windows\SysWow64\XAPOFX1_2.dll
2015-03-03 01:45 . 2015-03-03 01:45    518480    ----a-w-    c:\windows\system32\XAudio2_3.dll
2015-03-03 01:45 . 2015-03-03 01:45    514384    ----a-w-    c:\windows\SysWow64\XAudio2_3.dll
2015-03-03 01:45 . 2015-03-03 01:45    235856    ----a-w-    c:\windows\SysWow64\xactengine3_3.dll
2015-03-03 01:45 . 2015-03-03 01:45    175440    ----a-w-    c:\windows\system32\xactengine3_3.dll
2015-03-03 01:45 . 2015-03-03 01:45    25936    ----a-w-    c:\windows\system32\X3DAudio1_5.dll
2015-03-03 01:45 . 2015-03-03 01:45    23376    ----a-w-    c:\windows\SysWow64\X3DAudio1_5.dll
2015-03-03 01:45 . 2015-03-03 01:45    72200    ----a-w-    c:\windows\system32\XAPOFX1_1.dll
2015-03-03 01:45 . 2015-03-03 01:45    513544    ----a-w-    c:\windows\system32\XAudio2_2.dll
2015-03-03 01:45 . 2015-03-03 01:45    68616    ----a-w-    c:\windows\SysWow64\XAPOFX1_1.dll
2015-03-03 01:45 . 2015-03-03 01:45    509448    ----a-w-    c:\windows\SysWow64\XAudio2_2.dll
2015-03-03 01:45 . 2015-03-03 01:45    177672    ----a-w-    c:\windows\system32\xactengine3_2.dll
2015-03-03 01:45 . 2015-03-03 01:45    540688    ----a-w-    c:\windows\system32\d3dx10_39.dll
2015-03-03 01:45 . 2015-03-03 01:45    467984    ----a-w-    c:\windows\SysWow64\d3dx10_39.dll
2015-03-03 01:45 . 2015-03-03 01:45    238088    ----a-w-    c:\windows\SysWow64\xactengine3_2.dll
2015-03-03 01:45 . 2015-03-03 01:45    1942552    ----a-w-    c:\windows\system32\D3DCompiler_39.dll
2015-03-03 01:45 . 2015-03-03 01:45    1493528    ----a-w-    c:\windows\SysWow64\D3DCompiler_39.dll
2015-03-03 01:45 . 2015-03-03 01:45    4992520    ----a-w-    c:\windows\system32\D3DX9_39.dll
2015-03-03 01:45 . 2015-03-03 01:45    3851784    ----a-w-    c:\windows\SysWow64\D3DX9_39.dll
2015-03-03 01:45 . 2015-03-03 01:45    68104    ----a-w-    c:\windows\system32\XAPOFX1_0.dll
2015-03-03 01:45 . 2015-03-03 01:45    65032    ----a-w-    c:\windows\SysWow64\XAPOFX1_0.dll
2015-03-03 01:45 . 2015-03-03 01:45    511496    ----a-w-    c:\windows\system32\XAudio2_1.dll
2015-03-03 01:45 . 2015-03-03 01:45    507400    ----a-w-    c:\windows\SysWow64\XAudio2_1.dll
2015-03-03 01:45 . 2015-03-03 01:45    238088    ----a-w-    c:\windows\SysWow64\xactengine3_1.dll
2015-03-03 01:45 . 2015-03-03 01:45    177672    ----a-w-    c:\windows\system32\xactengine3_1.dll
2015-03-03 01:45 . 2015-03-03 01:45    28168    ----a-w-    c:\windows\system32\X3DAudio1_4.dll
2015-03-03 01:45 . 2015-03-03 01:45    540688    ----a-w-    c:\windows\system32\d3dx10_38.dll
2015-03-03 01:45 . 2015-03-03 01:45    467984    ----a-w-    c:\windows\SysWow64\d3dx10_38.dll
2015-03-03 01:45 . 2015-03-03 01:45    25608    ----a-w-    c:\windows\SysWow64\X3DAudio1_4.dll
2015-03-03 01:45 . 2015-03-03 01:45    1941528    ----a-w-    c:\windows\system32\D3DCompiler_38.dll
2015-03-03 01:45 . 2015-03-03 01:45    1491992    ----a-w-    c:\windows\SysWow64\D3DCompiler_38.dll
2015-03-03 01:45 . 2015-03-03 01:45    4991496    ----a-w-    c:\windows\system32\D3DX9_38.dll
2015-03-03 01:45 . 2015-03-03 01:45    3850760    ----a-w-    c:\windows\SysWow64\D3DX9_38.dll
2015-03-03 01:45 . 2015-03-03 01:45    489480    ----a-w-    c:\windows\system32\XAudio2_0.dll
2015-03-03 01:45 . 2015-03-03 01:45    479752    ----a-w-    c:\windows\SysWow64\XAudio2_0.dll
2015-03-03 01:45 . 2015-03-03 01:45    28168    ----a-w-    c:\windows\system32\X3DAudio1_3.dll
2015-03-03 01:45 . 2015-03-03 01:45    25608    ----a-w-    c:\windows\SysWow64\X3DAudio1_3.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-19 704512]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-04-01 126712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-02-03 1297624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fogqhnk3.default\
FF - prefs.js: browser.startup.homepage - www.trle.net
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-50118736.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2015-04-06  14:32:42 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-06 13:32
.
Pre-Run: 151,242,289,152 bytes free
Post-Run: 151,056,932,864 bytes free
.
- - End Of File - - F8C9DEBEA527FF7087517B4ACE6340D0
BD4E9B2E7E9FDEAB4085200CC32AD634
 


#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello fireberd,

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

CHR Extension: (avast! Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - No Path Or update_url value

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
#13
fireberd

    Member

  • Topic Starter
  • 15 posts

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by user at 2015-04-06 21:53:11 Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR Extension: (avast! Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - No Path Or update_url value
*****************

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.

==== End of Fixlog 21:53:12 ====


#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

You could try uninstalling Comodo (you can always reinstall it later), reboot and see whether that makes any change. It might be blocking something, for example.

 

Other than that I can't think of anything in the malware field that is causing your machine's problems and suggest you open a topic in the Windows 7 OS forum here.

 

Explain the problem and tell them you have been here first.

 

Other than that we have a couple of last steps to perform and then you're all set.

To clear away the tools we have been using download Delfix from here. You will be taken to the download page. Just wait and shortly the download will appear.

Put a check (tick) in the following boxes:
 

  • Remove disinfection tools
  • Reset System Settings

    Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

So many of us use Facebook nowadays. Go here for a guide to Facebook security.

-----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.
 

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.

  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

For some common sense advice about protecting your computer read How to boost your malware defense and protect your PC (http://www.microsoft...ect-pc.aspx)

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

 



#15
fireberd


# DelFix v10.9 - Logfile created 07/04/2015 at 21:51:34
# Updated 27/02/2015 by Xplode
# Username : user - USER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.3.0.0.44_03.04.2015_11.04.56_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_03.04.2015_11.11.13_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_03.04.2015_11.14.53_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_04.04.2015_11.19.07_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_04.04.2015_11.24.57_log.txt
Deleted : C:\Users\user\Desktop\Addition.txt
Deleted : C:\Users\user\Desktop\adwcleaner_4.200.exe
Deleted : C:\Users\user\Desktop\ComboFix.exe
Deleted : C:\Users\user\Desktop\Fixlog.txt
Deleted : C:\Users\user\Desktop\FRST.txt
Deleted : C:\Users\user\Desktop\FRST64.exe
Deleted : C:\Users\user\Desktop\FSS.exe
Deleted : C:\Users\user\Desktop\FSS.txt
Deleted : C:\Users\user\Desktop\JRT.exe
Deleted : C:\Users\user\Desktop\JRT.txt
Deleted : C:\Users\user\Desktop\tdsskiller.exe
Deleted : C:\Users\user\Desktop\TFC.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Resetting system settings ... OK

########## - EOF - ##########
 

