Hi!
Thanks for your reply. I did everything except the Event Viewer Tool (said it hadn't been coded in my language, Slovak, and that it can't run). Otherwise, I did everything you listed and am attaching the logs below. The computer is running much, much better now, although startup is taking a lot longer - not that I'm complaining, just wanted to bring it up in case it's an issue.
ComboFix ran for quite a long time (about 40 minutes), even though the program said 10.
Here are the logs:
Fixlog (from FRST):
Fix result of Farbar Recovery Scan Tool (x86) Version:19-05-2016
Ran by Stevo (2016-05-20 18:29:19) Run:1
Running from C:\Users\Stevo.Agnes\Downloads
Loaded Profiles: Stevo (Available Profiles: Stevo & Stevo.old)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-08-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2012-06-01]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\..\Interfaces\{3285DDC1-13E3-4070-90A8-7D76060AA417}: [DhcpNameServer] 192.108.131.11 194.160.44.11
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
FF DefaultSearchEngine,S: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-26] (Oracle Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)FF Plugin HKU\S-1-5-21-3227243064-1642654041-612091633-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2008-11-11] (BitComet)
FF SearchPlugin: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\searchplugins\WebSearch.xml [2013-06-30]
FF Extension: SSEyaarch-NNewTaab - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] [2016-05-06] [not signed]
FF Extension: Browyse2Saave - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] [2016-05-06] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-31] [not signed]
CHR Plugin: (Shockwave Flash) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (Java Deployment Toolkit 7.0.0.147) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-05-06]
CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-07-07]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Stevo\AppData\Local\Temp\ccex.crx <not found>
U3 ag2yi2p2; C:\Windows\system32\Drivers\ag2yi2p2.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U3 anew86sb; C:\Windows\system32\Drivers\anew86sb.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MADFUFTU; system32\DRIVERS\MAudioFastTrackUltra_DFU.sys [X]
S3 MAUSBFASTTRACKULTRA; system32\DRIVERS\MAudioFastTrackUltra.sys [X]
S3 MAUSBMOBILEPRE; system32\DRIVERS\MAudioMobilePre.sys [X]
S3 MAUSBRI; system32\DRIVERS\mausbftu.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Stevo.old\AppData\Local\Temp\install_flashplayer10_mssd_aih.exe
C:\Users\Stevo.old\AppData\Local\Temp\ose00000.exe
C:\Users\Stevo.old\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Stevo.old\AppData\Local\Temp\utt59B3.tmp.exe
C:\Users\Stevo.old\AppData\Local\Temp\uttF23A.tmp.exe
C:\Users\Stevo.old\AppData\Local\Temp\_isE095.exe
C:\Windows\System32\nsprs.dll
C:\Windows\System32\serauth1.dll
C:\Windows\System32\serauth2.dll
Task: {1A259437-183F-49DE-AFBB-2221A41D9596} - System32\Tasks\schedule!1143840799 => C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe <==== ATTENTION
Task: {BDB75099-86A8-4E8A-A972-972E8C012163} - System32\Tasks\{79EA071B-1428-4609-BBB2-37F9523B154B} => pcalua.exe -a F:\setup\rsrc\Autorun.exe -d F:\
HKLM\...\regfile\shell\open\command: "regedit.exe" "%1" <===== ATTENTION
HOSTS:
CMD: netsh winsock reset
*****************
"HKU\S-1-5-21-3227243064-1642654041-612091633-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully.
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk => not found.
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk => not found.
C:\Program Files\Dell\DellDock\DellDock.exe => not found.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3285DDC1-13E3-4070-90A8-7D76060AA417}\\DhcpNameServer => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => value removed successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => key not found.
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} => value not found.
HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} => key not found.
FF DefaultSearchEngine,S: WebSearch => not found
FF SearchEngineOrder.1: WebSearch => not found
FF SearchEngineOrder.1,S: WebSearch => not found
FF SelectedSearchEngine,S: WebSearch => not found
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2" => key removed successfully.
C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2" => key removed successfully.
C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => moved successfully
HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)FF Plugin HKU\S-1-5-21-3227243064-1642654041-612091633-1000: pandonetworks.com/PandoWebPlugin => key not found.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => moved successfully
HKU\FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)S-1-5-21-3227243064-1642654041-612091633-1000\Software\MozillaPlugins\FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)pandonetworks.com/PandoWebPlugin => key not found.
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-03] (Pando Networks)C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll => moved successfully
"C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\searchplugins\WebSearch.xml" => not found.
C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] => moved successfully
C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] => moved successfully
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => moved successfully
C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll => not found.
C:\Program Files\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\46.0.2490.86\pdf.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => not found.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll => not found.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => key removed successfully.
ag2yi2p2 => service not found.
anew86sb => service not found.
BCM42RLY => service removed successfully.
IpInIp => service removed successfully.
MADFUFTU => service removed successfully.
MAUSBFASTTRACKULTRA => service removed successfully.
MAUSBMOBILEPRE => service removed successfully.
MAUSBRI => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
C:\Users\Stevo.old\AppData\Local\Temp\install_flashplayer10_mssd_aih.exe => moved successfully
C:\Users\Stevo.old\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Stevo.old\AppData\Local\Temp\SkypeSetup.exe => moved successfully
"C:\Users\Stevo.old\AppData\Local\Temp\utt59B3.tmp.exe" => not found.
"C:\Users\Stevo.old\AppData\Local\Temp\uttF23A.tmp.exe" => not found.
C:\Users\Stevo.old\AppData\Local\Temp\_isE095.exe => moved successfully
C:\Windows\System32\nsprs.dll => moved successfully
C:\Windows\System32\serauth1.dll => moved successfully
C:\Windows\System32\serauth2.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A259437-183F-49DE-AFBB-2221A41D9596}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A259437-183F-49DE-AFBB-2221A41D9596}" => key removed successfully.
C:\Windows\System32\Tasks\schedule!1143840799 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schedule!1143840799 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDB75099-86A8-4E8A-A972-972E8C012163}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDB75099-86A8-4E8A-A972-972E8C012163}" => key removed successfully.
C:\Windows\System32\Tasks\{79EA071B-1428-4609-BBB2-37F9523B154B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{79EA071B-1428-4609-BBB2-37F9523B154B}" => key removed successfully.
HKLM\Software\Classes\regfile\shell\open\command\\Default => value restored successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= netsh winsock reset =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
==== End of Fixlog 18:30:23 ====
ComboFix 16-05-18.01 - Stevo 05/20/2016 18:45:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1033.18.3573.1646 [GMT 2:00]
Running from: c:\users\Stevo.Agnes\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pst
c:\program files\pst\E-Prime 2.0\Documentation\GettingStartedGuide.pdf
c:\program files\pst\E-Prime 2.0\Documentation\NewFeaturesGuide.pdf
c:\program files\pst\E-Prime 2.0\Documentation\readme.txt
c:\program files\pst\E-Prime 2.0\Documentation\ReferenceGuide.pdf
c:\program files\pst\E-Prime 2.0\Documentation\UsersGuide.pdf
c:\program files\pst\E-Prime 2.0\mfc71.dll
c:\program files\pst\E-Prime 2.0\mfc71u.dll
c:\program files\pst\E-Prime 2.0\Program\ActivateBetaWizard.exe
c:\program files\pst\E-Prime 2.0\Program\ActivateBetaWizard.XmlSerializers.dll
c:\program files\pst\E-Prime 2.0\Program\ClockExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\Components\DeviceHelpers.dll
c:\program files\pst\E-Prime 2.0\Program\Components\E-ObjectLogging.dll
c:\program files\pst\E-Prime 2.0\Program\Components\E-StudioHelpers.dll
c:\program files\pst\E-Prime 2.0\Program\Components\E-Upgrade.dll
c:\program files\pst\E-Prime 2.0\Program\Components\PSTControls.ocx
c:\program files\pst\E-Prime 2.0\Program\CoreExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\Devices\DisplayDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\JoystickDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\KeyboardDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\MouseDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\ParallelPortDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\PortDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SerialDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SocketDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SoundCaptureDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SoundDevice.dll
c:\program files\pst\E-Prime 2.0\Program\Devices\SRBoxDevice.dll
c:\program files\pst\E-Prime 2.0\Program\DisplayExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\E-Basic.chm
c:\program files\pst\E-Prime 2.0\Program\E-DataAid.chm
c:\program files\pst\E-Prime 2.0\Program\E-DataAid.exe
c:\program files\pst\E-Prime 2.0\Program\E-DataAidCSH.chm
c:\program files\pst\E-Prime 2.0\Program\E-Merge.chm
c:\program files\pst\E-Prime 2.0\Program\E-Merge.exe
c:\program files\pst\E-Prime 2.0\Program\E-Objects\ImageDisplay.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\InLine.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\Label.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\List.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\MovieDisplay.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\PackageCall.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\Procedure.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\Slide.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\SoundIn.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\SoundOut.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\TextDisplay.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Objects\Wait.ocx
c:\program files\pst\E-Prime 2.0\Program\E-Recovery.chm
c:\program files\pst\E-Prime 2.0\Program\E-Recovery.exe
c:\program files\pst\E-Prime 2.0\Program\E-Run.exe
c:\program files\pst\E-Prime 2.0\Program\E-Runtime.dll
c:\program files\pst\E-Prime 2.0\Program\E-Studio.chm
c:\program files\pst\E-Prime 2.0\Program\E-Studio.exe
c:\program files\pst\E-Prime 2.0\Program\EBasicScriptLib.dll
c:\program files\pst\E-Prime 2.0\Program\EDataAidAnalysisMacros.xla
c:\program files\pst\E-Prime 2.0\Program\FactorExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\FactorTableWizard.xls
c:\program files\pst\E-Prime 2.0\Program\hasp_net_windows.dll
c:\program files\pst\E-Prime 2.0\Program\hasp_net_windows_x64.dll
c:\program files\pst\E-Prime 2.0\Program\hasp_net_windows_x64.dll.manifest
c:\program files\pst\E-Prime 2.0\Program\hasp_windows_50978.dll
c:\program files\pst\E-Prime 2.0\Program\hasp_windows_x64_50978.dll
c:\program files\pst\E-Prime 2.0\Program\ICSharpCode.SharpZipLib.dll
c:\program files\pst\E-Prime 2.0\Program\Interop.MSXML.dll
c:\program files\pst\E-Prime 2.0\Program\JoystickExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\KeyboardExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\keywords.ini
c:\program files\pst\E-Prime 2.0\Program\LicenseManager.exe
c:\program files\pst\E-Prime 2.0\Program\MouseExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\ParallelPortExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\PortExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\Pst.Common.dll
c:\program files\pst\E-Prime 2.0\Program\Pst.EPrime.ActivateBeta.dll
c:\program files\pst\E-Prime 2.0\Program\Pst.EPrime.Common.MachineInfo.Interop.dll
c:\program files\pst\E-Prime 2.0\Program\Pst.EPrime.EStudio.Packages.dll
c:\program files\pst\E-Prime 2.0\Program\Pst.Gui.dll
c:\program files\pst\E-Prime 2.0\Program\PSTNCM22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNCX22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNDC22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNDD22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNDG22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNOL22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNPB22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNRN22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNTL22.DLL
c:\program files\pst\E-Prime 2.0\Program\PSTNUASM.DLL
c:\program files\pst\E-Prime 2.0\Program\RuntimeAudio.dll
c:\program files\pst\E-Prime 2.0\Program\SerialExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\SharpZipLib.dll
c:\program files\pst\E-Prime 2.0\Program\SocketExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\SoundExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\SRBoxExtension.ebn
c:\program files\pst\E-Prime 2.0\Program\vc6-re200l.dll
c:\program files\pst\E-Prime 2.0\Program\WebRequest.dll
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\BasicRT\BasicRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Box.mpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Cylinder.mpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Face.mpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\MovieRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Perception.mpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\NestingRT\NestingRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\NestingXRT\NestingXRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\PictureRT\BlueCar.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\PictureRT\PictureRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\PictureRT\RedCar.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\down.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\left.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\right.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\SlideRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\up.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SoundRT\APPLEF.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SoundRT\CANARYF.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Samples\SoundRT\SoundRT.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Bob.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\CANARYF.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\cigars.MPG
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\cigars.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\MovieTutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\PictureTutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\ScriptTutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\SoundTutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-1-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-2-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-3-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-4-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-5-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-1-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-2-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-3-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-4-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-5-1.edat2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\E-BasicExample.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\E-BasicSoundExample.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Female.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Female.jpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\flowers.MPG
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\flowers.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\laundry.MPG
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\laundry.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Linda.WAV
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Male.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Male.jpg
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\RedCar.bmp
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\sports.MPG
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\sports.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Tones.wav
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage2-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-MethodA-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-MethodB-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-MethodC-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage4-ChangeTrialProc-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage4-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage4-NestedBlockList-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage5-LexicalDecision001.es2
c:\program files\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage6-LexicalDecision001.es2
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\program files\SiL
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Recent\SVP-Grammar 2.roc. beginners.docx
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AdobePDF.dll
.
.
((((((((((((((((((((((((( Files Created from 2016-04-20 to 2016-05-20 )))))))))))))))))))))))))))))))
.
.
2016-05-20 17:16 . 2016-05-20 17:16 -------- d-----w- c:\users\Stevo.old_\AppData\Local\temp
2016-05-20 17:16 . 2016-05-20 17:16 -------- d-----w- c:\users\Stevo.old\AppData\Local\temp
2016-05-20 17:15 . 2016-05-20 17:24 -------- d-----w- c:\users\Stevo.Agnes\AppData\Local\temp
2016-05-20 17:15 . 2016-05-20 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-09 08:47 . 2016-05-20 17:22 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-09 08:45 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-09 08:45 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-09 08:45 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-09 08:45 . 2016-05-09 08:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-05-09 07:55 . 2016-05-09 07:55 -------- d-----w- c:\users\Stevo.Agnes\AppData\Roaming\ProductData
2016-05-09 07:55 . 2016-05-09 07:55 -------- d-----w- c:\programdata\ProductData
2016-05-09 07:55 . 2016-05-09 07:55 -------- d-----w- c:\programdata\IObit
2016-05-09 07:54 . 2016-05-09 07:56 -------- d-----w- c:\users\Stevo.Agnes\AppData\Roaming\IObit
2016-05-09 07:54 . 2016-05-09 07:55 -------- d-----w- c:\program files\IObit
2016-05-08 12:07 . 2016-05-08 12:07 -------- d-----w- c:\windows\system32\Lang
2016-05-08 12:07 . 2008-01-29 07:46 920088 ----a-w- c:\windows\system32\igxpun.exe
2016-05-08 12:07 . 2006-11-10 14:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2016-05-08 12:05 . 2008-01-29 07:47 170520 ----a-w- c:\windows\system32\igfxzoom.exe
2016-05-08 12:05 . 2008-01-29 07:47 141848 ----a-w- c:\windows\system32\igfxtray.exe
2016-05-08 12:05 . 2008-01-29 07:47 170520 ----a-w- c:\windows\system32\igfxext.exe
2016-05-08 12:05 . 2008-01-29 07:47 530968 ----a-w- c:\windows\system32\igfxcfg.exe
2016-05-07 04:48 . 2016-05-20 16:30 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-08 08:06 . 2012-08-12 12:45 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-08 08:06 . 2011-08-18 16:50 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-21 13:05 . 2010-09-16 06:22 374944 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-12-23 14:27 759072 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Simple Sticky Notes"="c:\program files\Simnet\Simple Sticky Notes\ssn.exe" [2013-05-25 552096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-29 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-29 133656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-04 15:37 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKLM\~\startupfolder\C:^Users^Stevo.Agnes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-03-29 21:14 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-10-23 08:25 3108480 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopReminder2ByPolenter]
2013-01-06 09:26 2743344 ----a-w- c:\program files\Desktop-Reminder 2\DesktopReminder2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 09:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-17 03:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
.
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-07 04:24 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 08:06]
.
2016-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 18:18]
.
2016-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 18:18]
.
.
------- Supplementary Scan -------
.
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
AddRemove-{0E931A51-A183-4E66-8562-D82896E74C67} - c:\progra~2\INSTAL~1\{0E931~1\Setup.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
AddRemove-{8B603F5E-8498-89E4-30CE-185D0B3B9EDE} - c:\progra~2\INSTAL~1\{F4F95~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-05-20 19:24
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(2864)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conime.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2016-05-20 19:36:20 - machine was rebooted
ComboFix-quarantined-files.txt 2016-05-20 17:36
.
Pre-Run: 3,703,455,744 bytes free
Post-Run: 3,905,589,248 bytes free
.
- - End Of File - - 5586D8E6E7C545614DADAC1130B6260E
5C616939100B85E558DA92B899A0FC36
19:45:31.0439 0x0228 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
19:45:34.0984 0x0228 ============================================================
19:45:34.0984 0x0228 Current date / time: 2016/05/20 19:45:34.0984
19:45:34.0985 0x0228 SystemInfo:
19:45:34.0985 0x0228
19:45:34.0985 0x0228 OS Version: 6.0.6001 ServicePack: 1.0
19:45:34.0985 0x0228 Product type: Workstation
19:45:34.0985 0x0228 ComputerName: AGNES
19:45:34.0989 0x0228 UserName: Stevo
19:45:34.0989 0x0228 Windows directory: C:\Windows
19:45:34.0989 0x0228 System windows directory: C:\Windows
19:45:34.0989 0x0228 Processor architecture: Intel x86
19:45:34.0990 0x0228 Number of processors: 2
19:45:34.0990 0x0228 Page size: 0x1000
19:45:34.0990 0x0228 Boot type: Normal boot
19:45:34.0990 0x0228 ============================================================
19:45:38.0083 0x0228 KLMD registered as C:\Windows\system32\drivers\83404971.sys
19:45:39.0009 0x0228 System UUID: {FD7E16C1-57F5-6F48-7C0B-2A4A5B6065AF}
19:45:42.0428 0x0228 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:45:42.0446 0x0228 ============================================================
19:45:42.0446 0x0228 \Device\Harddisk0\DR0:
19:45:42.0446 0x0228 MBR partitions:
19:45:42.0447 0x0228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
19:45:42.0447 0x0228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x23AFE7F8
19:45:42.0470 0x0228 ============================================================
19:45:42.0517 0x0228 C: <-> \Device\Harddisk0\DR0\Partition2
19:45:42.0550 0x0228 D: <-> \Device\Harddisk0\DR0\Partition1
19:45:42.0552 0x0228 ============================================================
19:45:42.0552 0x0228 Initialize success
19:45:42.0552 0x0228 ============================================================
19:46:18.0910 0x0e5c ============================================================
19:46:18.0911 0x0e5c Scan started
19:46:18.0911 0x0e5c Mode: Manual; SigCheck; TDLFS;
19:46:18.0911 0x0e5c ============================================================
19:46:18.0911 0x0e5c KSN ping started
19:46:23.0389 0x0e5c KSN ping finished: true
19:46:25.0082 0x0e5c ================ Scan system memory ========================
19:46:25.0082 0x0e5c System memory - ok
19:46:25.0083 0x0e5c ================ Scan services =============================
19:46:25.0357 0x0e5c [ B33CF4DE909A5B30F526D82053A63C8E, ABF5BB962C038E545C18B96E686E072D780C907096C7BB341297AF31D3703ABD ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
19:46:26.0017 0x0e5c ABBYY.Licensing.FineReader.Sprint.9.0 - ok
19:46:26.0264 0x0e5c [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:46:26.0345 0x0e5c ACPI - ok
19:46:26.0489 0x0e5c [ 28FFB14117CCEDD7D2F124596AA9B785, 8FC482C6444C904B5536979B3354597FD714634EC7372B464118C42AA9DCB58A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:46:26.0579 0x0e5c AdobeFlashPlayerUpdateSvc - ok
19:46:26.0669 0x0e5c [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:46:26.0762 0x0e5c adp94xx - ok
19:46:26.0837 0x0e5c [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:46:26.0952 0x0e5c adpahci - ok
19:46:27.0001 0x0e5c [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:46:27.0055 0x0e5c adpu160m - ok
19:46:27.0096 0x0e5c [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:46:27.0146 0x0e5c adpu320 - ok
19:46:27.0206 0x0e5c [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:46:27.0303 0x0e5c AeLookupSvc - ok
19:46:27.0383 0x0e5c [ EF1142512BEC12F1C2C87735DA1755BE, 236EFD8FBA717123E0CF5A136ACEBB80A2BE1FA4B1A9A2C74728BC4EB4E787D8 ] AESTFilters C:\Windows\system32\aestsrv.exe
19:46:27.0450 0x0e5c AESTFilters - ok
19:46:27.0547 0x0e5c [ 48EB99503533C27AC6135648E5474457, 344A83008F41AAC3CDFC52EFC4F2EFF441971C58182597D2FBED315B3FC62137 ] AFD C:\Windows\system32\drivers\afd.sys
19:46:27.0659 0x0e5c AFD - ok
19:46:27.0712 0x0e5c [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:46:27.0752 0x0e5c agp440 - ok
19:46:27.0808 0x0e5c [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:46:27.0867 0x0e5c aic78xx - ok
19:46:27.0994 0x0e5c [ CB5A5079744A0535416D3A5E462C5EFE, D2FDB93619CEC4F66A799F16B2EC5CB7D7833F8F69554F7FE44DF7A5DC617391 ] aksfridge C:\Windows\system32\DRIVERS\aksfridge.sys
19:46:28.0117 0x0e5c aksfridge - ok
19:46:28.0222 0x0e5c [ 1A27F5555448CC2D29D281B11F39177E, F1CA4D82440C26270C42F7626B82D3B4DEC9D6BB07719F938A42627D24109003 ] akshasp C:\Windows\system32\DRIVERS\akshasp.sys
19:46:28.0326 0x0e5c akshasp - ok
19:46:28.0368 0x0e5c [ 147B61B81BE1FFC38939EA47E5CFB51F, C464F31D3F884541F872D425A59F0C2AAB3F6B617F81E47C67D65A776084C57D ] akshhl C:\Windows\system32\DRIVERS\akshhl.sys
19:46:28.0462 0x0e5c akshhl - ok
19:46:28.0516 0x0e5c [ B4AD9F5D78F27E0C6994E0CB05C60E21, 31331A13DEF9ABF2488B683D4189CBB69992778DC8A19A3717BA45B85E5EDD0F ] aksusb C:\Windows\system32\DRIVERS\aksusb.sys
19:46:28.0585 0x0e5c aksusb - ok
19:46:28.0643 0x0e5c [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
19:46:28.0763 0x0e5c ALG - ok
19:46:28.0811 0x0e5c [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide C:\Windows\system32\drivers\aliide.sys
19:46:28.0852 0x0e5c aliide - ok
19:46:28.0919 0x0e5c [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:46:28.0961 0x0e5c amdagp - ok
19:46:28.0988 0x0e5c [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide C:\Windows\system32\drivers\amdide.sys
19:46:29.0025 0x0e5c amdide - ok
19:46:29.0054 0x0e5c [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:46:29.0173 0x0e5c AmdK7 - ok
19:46:29.0215 0x0e5c [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:46:29.0339 0x0e5c AmdK8 - ok
19:46:29.0400 0x0e5c [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo C:\Windows\System32\appinfo.dll
19:46:29.0485 0x0e5c Appinfo - ok
19:46:29.0634 0x0e5c [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:46:29.0679 0x0e5c Apple Mobile Device - ok
19:46:29.0727 0x0e5c [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc C:\Windows\system32\drivers\arc.sys
19:46:29.0770 0x0e5c arc - ok
19:46:29.0819 0x0e5c [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:46:29.0869 0x0e5c arcsas - ok
19:46:30.0028 0x0e5c [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:46:30.0070 0x0e5c aspnet_state - ok
19:46:30.0132 0x0e5c [ DE6ED95AEF259979B2830450072A627B, 28B02E088F408A1A2E90A48797E75EE8DC0A10F334CC943EEA3BA951C2F61EB3 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
19:46:30.0250 0x0e5c aswFsBlk - ok
19:46:30.0328 0x0e5c [ 62F9DCEC95F91B8E0203E85D344A7E65, 8B30F6469C9448A4F9C6E934DA90588A978D9551667B73852D20FF9C2FC6B5DF ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
19:46:30.0362 0x0e5c aswMonFlt - ok
19:46:30.0386 0x0e5c [ 7C9F0A2AB17D52261A9252A2EB320884, AB9362167A2FEB43265DC163419BECB128540EDFC56966BBDE2DEFF05EE58D9F ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
19:46:30.0419 0x0e5c aswRdr - ok
19:46:30.0572 0x0e5c [ B32E9AD44A1DBB3E8095E80F8DF32B03, 6AD8BE2ABBEC680E5133B0D02DC5B1A58B82288AF13A1CD61EDDD24B3341F57D ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
19:46:30.0788 0x0e5c aswSnx - ok
19:46:30.0878 0x0e5c [ 67B558895695545FB0568B7541F3BCA7, 8C2A478B750C9268E203F9F86557F97AA3C3B4BB635966ECDA1249EC6D280E89 ] aswSP C:\Windows\system32\drivers\aswSP.sys
19:46:30.0960 0x0e5c aswSP - ok
19:46:31.0016 0x0e5c [ E3E73B2B73A4DFADFDDF557192C4B08A, 7D41C9BCB6B0DB4188347D92191B19196613EEAA88F9C3B7E78CFFDE41C357DC ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
19:46:31.0049 0x0e5c aswTdi - ok
19:46:31.0106 0x0e5c [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:46:31.0220 0x0e5c AsyncMac - ok
19:46:31.0264 0x0e5c [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi C:\Windows\system32\drivers\atapi.sys
19:46:31.0302 0x0e5c atapi - ok
19:46:31.0369 0x0e5c [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:46:31.0495 0x0e5c AudioEndpointBuilder - ok
19:46:31.0536 0x0e5c [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:46:31.0665 0x0e5c Audiosrv - ok
19:46:31.0770 0x0e5c [ 8FA553E9AE69808D99C164733A0F9590, D3F5BA7000EF311A0E4772B5BF9B0BFFCA721FA971D87DD76B7E8B9B06E9BBC3 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:46:31.0803 0x0e5c avast! Antivirus - ok
19:46:31.0892 0x0e5c [ 32795E299C3ABA589A5E04C83D531CDF, A020CB946D1AA4C7829CEB591B6B869CBA0A881B4F3C0FF6FAC20F7686C211DD ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:46:32.0002 0x0e5c b57nd60x - ok
19:46:32.0054 0x0e5c BCM42RLY - ok
19:46:32.0192 0x0e5c [ CDF7F28FFD693B1B4137845DD1EF1CCC, 5EAEC23CEEFF69DE116C4435D6AD637BD87E20BE82B6299560F2ED3A7EAD678D ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
19:46:32.0361 0x0e5c BCM43XX - ok
19:46:32.0422 0x0e5c [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
19:46:32.0512 0x0e5c Beep - ok
19:46:32.0630 0x0e5c [ 02ED7B4DBC2A3232A389106DA7515C3D, 0DFCD03CB967D1A980D56124603F353DC1D800E3A5E436EEE95C65FDE17398CF ] BITS C:\Windows\system32\qmgr.dll
19:46:32.0824 0x0e5c BITS - ok
19:46:32.0863 0x0e5c [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:46:32.0978 0x0e5c blbdrive - ok
19:46:33.0107 0x0e5c [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:46:33.0172 0x0e5c Bonjour Service - ok
19:46:33.0257 0x0e5c [ 8153396D5551276227FA146900F734E6, 0AE06774162D542D9E95246B7112A40D7C463EF331B4F56C9CF8AD99A0341E38 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:46:33.0355 0x0e5c bowser - ok
19:46:33.0419 0x0e5c [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:46:33.0509 0x0e5c BrFiltLo - ok
19:46:33.0545 0x0e5c [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:46:33.0645 0x0e5c BrFiltUp - ok
19:46:33.0700 0x0e5c [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
19:46:33.0827 0x0e5c Browser - ok
19:46:33.0871 0x0e5c [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:46:34.0065 0x0e5c Brserid - ok
19:46:34.0099 0x0e5c [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:46:34.0287 0x0e5c BrSerWdm - ok
19:46:34.0320 0x0e5c [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:46:34.0500 0x0e5c BrUsbMdm - ok
19:46:34.0541 0x0e5c [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:46:34.0725 0x0e5c BrUsbSer - ok
19:46:34.0763 0x0e5c [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:46:34.0943 0x0e5c BTHMODEM - ok
19:46:34.0998 0x0e5c catchme - ok
19:46:35.0048 0x0e5c [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:46:35.0174 0x0e5c cdfs - ok
19:46:35.0213 0x0e5c [ 1EC25CEA0DE6AC4718BF89F9E1778B57, 019E12C30E7A395259F3906EC55AFF86949CFDBB443060208C8B91B9EB7F9FB7 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:46:35.0312 0x0e5c cdrom - ok
19:46:35.0375 0x0e5c [ 87C2D0377B23E2D8A41093C2F5FB1A5B, 94725CD764318461A1163FCD1B507B92490C5F52CB5089E6C7245FD91F2D1D05 ] CertPropSvc C:\Windows\System32\certprop.dll
19:46:35.0493 0x0e5c CertPropSvc - ok
19:46:35.0524 0x0e5c [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\drivers\circlass.sys
19:46:35.0634 0x0e5c circlass - ok
19:46:35.0690 0x0e5c [ 465745561C832B29F7C48B488AAB3842, B631C61FBF6E2641FED7C4CFC1B179D19143B04CF76DCF48A9C7582E756FFD8C ] CLFS C:\Windows\system32\CLFS.sys
19:46:35.0749 0x0e5c CLFS - ok
19:46:35.0842 0x0e5c [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:35.0889 0x0e5c clr_optimization_v2.0.50727_32 - ok
19:46:36.0007 0x0e5c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:46:36.0054 0x0e5c clr_optimization_v4.0.30319_32 - ok
19:46:36.0121 0x0e5c [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:46:36.0257 0x0e5c CmBatt - ok
19:46:36.0309 0x0e5c [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:46:36.0350 0x0e5c cmdide - ok
19:46:36.0378 0x0e5c [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:46:36.0421 0x0e5c Compbatt - ok
19:46:36.0442 0x0e5c COMSysApp - ok
19:46:36.0490 0x0e5c [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:46:36.0548 0x0e5c crcdisk - ok
19:46:36.0580 0x0e5c [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:46:36.0706 0x0e5c Crusoe - ok
19:46:36.0783 0x0e5c [ 6DE363F9F99334514C46AEC02D3E3678, FF403B8A4D7D6B3D2F23E2711D1353CFB0C748AD7D7927CF5DFBD99CD169D826 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:46:36.0898 0x0e5c CryptSvc - ok
19:46:37.0023 0x0e5c [ 301AE00E12408650BADDC04DBC832830, 405A392B83942A17F1EB78943C3A3046B5451EA8CB0082A53571CCC0609275A2 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:46:37.0215 0x0e5c DcomLaunch - ok
19:46:37.0284 0x0e5c [ A3E9FA213F443AC77C7746119D13FEEC, 479B349BFC811D20572C09C4A2228C3880F8F3B4B4BA5F4E56600C7EF583DE7B ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:46:37.0366 0x0e5c DfsC - ok
19:46:37.0623 0x0e5c [ FA3463F25F9CC9C3BCF1E7912FEFF099, 8CFA0F1DFD975ED877B303EB55BE52B0B1EC2B20FEC36820121A0F5E046E0032 ] DFSR C:\Windows\system32\DFSR.exe
19:46:38.0040 0x0e5c DFSR - ok
19:46:38.0124 0x0e5c [ 43A988A9C10333476CB5FB667CBD629D, 7E0DD57E75A50E3671673876631A1E66A4AC16810418BEC1AC2143DFD331F389 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:46:38.0285 0x0e5c Dhcp - ok
19:46:38.0331 0x0e5c [ 64109E623ABD6955C8FB110B592E68B7, 964F456EF44F9AE836B8CAB438FEB18303B2548A2B7D85FEBD72F4F80127B0EE ] disk C:\Windows\system32\drivers\disk.sys
19:46:38.0374 0x0e5c disk - ok
19:46:38.0455 0x0e5c [ 4805D9A6D281C7A7DEFD9094DEC6AF7D, 473A5F1C4E795BD6B6DDB32ECB04BA8BF238AA5FBC67FC5D8D8F749464ED0AE9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:46:38.0567 0x0e5c Dnscache - ok
19:46:38.0621 0x0e5c [ 5AF620A08C614E24206B79E8153CF1A8, 5BB32FF3C9A5C51C2773F0ECF9647749667F4678EF3C75FEB4420EC6C805913E ] dot3svc C:\Windows\System32\dot3svc.dll
19:46:38.0822 0x0e5c dot3svc - ok
19:46:38.0866 0x0e5c [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
19:46:38.0978 0x0e5c DPS - ok
19:46:39.0052 0x0e5c [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:46:39.0161 0x0e5c drmkaud - ok
19:46:39.0319 0x0e5c [ 85F33880B8CFB554BD3D9CCDB486845A, 2D120F94800AEB886D4BA2A45FE2454EBB1FAC3E57BDE552737EBDE7EF8899CF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:46:39.0535 0x0e5c DXGKrnl - detected UnsignedFile.Multi.Generic ( 1 )
19:46:43.0978 0x0e5c Detect skipped due to KSN trusted
19:46:43.0979 0x0e5c DXGKrnl - ok
19:46:44.0085 0x0e5c [ 908ED85B7806E8AF3AF5E9B74F7809D4, 9A763D247035578A946094D2C1CE8204E6EDFFD7237C7BF2058B5F4ECC0306E0 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
19:46:44.0229 0x0e5c e1express - ok
19:46:44.0270 0x0e5c [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:46:44.0420 0x0e5c E1G60 - ok
19:46:44.0493 0x0e5c [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
19:46:44.0607 0x0e5c EapHost - ok
19:46:44.0680 0x0e5c [ DD2CD259D83D8B72C02C5F2331FF9D68, 07E758A414442FEAFE55FB28842D960971553DB16C31D5791FDD0843CBF5E2B4 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:46:44.0748 0x0e5c Ecache - ok
19:46:44.0842 0x0e5c [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:46:44.0963 0x0e5c ehRecvr - ok
19:46:44.0999 0x0e5c [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
19:46:45.0109 0x0e5c ehSched - ok
19:46:45.0164 0x0e5c [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
19:46:45.0248 0x0e5c ehstart - ok
19:46:45.0334 0x0e5c [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:46:45.0406 0x0e5c elxstor - ok
19:46:45.0465 0x0e5c [ 2D77C535D32688D5FD6CD05C04E27948, 863D126384A36FDA48B73FA3E27E14B0B03C0BFFBD29F270DCA3CD92845DE8CE ] emaudsv C:\Windows\system32\emaudsv.exe
19:46:45.0510 0x0e5c emaudsv - ok
19:46:45.0638 0x0e5c [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C, 80385AC32CE8388F06341AA4A880F68E0EB5815CCCA5CF8E799846F472DCE360 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:46:45.0796 0x0e5c EMDMgmt - ok
19:46:45.0890 0x0e5c [ 0407B78FAAA9437FFCCD6C393D483309, 6E1DB1A229080B74FA23152D63739D1BB4B38E0EB1ACB1088659C712AFF0258C ] emusba10 C:\Windows\system32\DRIVERS\emusba10.sys
19:46:45.0940 0x0e5c emusba10 - ok
19:46:46.0068 0x0e5c [ B92F2B3247F0A99490C1298A1D3D7B4C, ABEF71FE2B6EE12F67F1D29D7977D779BED178B292D57B6850488095CFCBCF33 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
19:46:46.0162 0x0e5c EPSON_EB_RPCV4_04 - ok
19:46:46.0226 0x0e5c [ 651336B99C75FB54E4B5971CF458F9BD, EAE41E576B4C30989B3705C81ECDC0B164216D177C26D4C69EEB67CC153F3D5D ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
19:46:46.0315 0x0e5c EPSON_PM_RPCV4_04 - ok
19:46:46.0374 0x0e5c [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:46:46.0541 0x0e5c ErrDev - ok
19:46:46.0643 0x0e5c [ 3CB3343D720168B575133A0A20DC2465, B356938AC3D9CE833A2C0EBFAA548CDB6B68BEDDB2CCA80222E508BD978FB26B ] EventSystem C:\Windows\system32\es.dll
19:46:46.0776 0x0e5c EventSystem - ok
19:46:46.0846 0x0e5c [ 0D858EB20589A34EFB25695ACAA6AA2D, E5C891D8971173D78194176CB38C0D62C1245C71E04DD94EC742A69C2925F843 ] exfat C:\Windows\system32\drivers\exfat.sys
19:46:46.0966 0x0e5c exfat - ok
19:46:47.0095 0x0e5c [ 3C489390C2E2064563727752AF8EAB9E, BF528F6D4718AC160C103FD89496C6B7BABED7A17A6BD4222D684AF22FE21A49 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:46:47.0243 0x0e5c fastfat - ok
19:46:47.0289 0x0e5c [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:46:47.0428 0x0e5c fdc - ok
19:46:47.0469 0x0e5c [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
19:46:47.0581 0x0e5c fdPHost - ok
19:46:47.0605 0x0e5c [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
19:46:47.0838 0x0e5c FDResPub - ok
19:46:47.0895 0x0e5c [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:46:47.0941 0x0e5c FileInfo - ok
19:46:48.0008 0x0e5c [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:46:48.0130 0x0e5c Filetrace - ok
19:46:48.0301 0x0e5c [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:46:48.0431 0x0e5c FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
19:46:52.0918 0x0e5c Detect skipped due to KSN trusted
19:46:52.0919 0x0e5c FLEXnet Licensing Service - ok
19:46:52.0986 0x0e5c [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:46:53.0115 0x0e5c flpydisk - ok
19:46:53.0175 0x0e5c [ 05EA53AFE985443011E36DAB07343B46, E033C1C218E9B0D22B63E1B927D7BBE331B59814F26952B68BEDC914EF881E55 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:46:53.0239 0x0e5c FltMgr - ok
19:46:53.0333 0x0e5c [ C9BE08664611DDAF98E2331E9288B00B, C645DDAB5FD588486553DF2DD5750AF5A967FEE988F4EB29E05362E3362DF4A2 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:46:53.0371 0x0e5c FontCache3.0.0.0 - ok
19:46:53.0404 0x0e5c [ 65EA8B77B5851854F0C55C43FA51A198, 150BE6C195094DBEAC4FD73CC1C31FF59B77A73944574E244D280EE2DE69DC2F ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:46:53.0490 0x0e5c Fs_Rec - ok
19:46:53.0529 0x0e5c [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:46:53.0573 0x0e5c gagp30kx - ok
19:46:53.0627 0x0e5c [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:46:53.0659 0x0e5c GEARAspiWDM - ok
19:46:53.0759 0x0e5c [ D3316F6E3C011435F36E3D6E49B3196C, 941DF52BA26603A146ED6B65A696DB87153868ED0469EF9C2EB09AC7E63525B7 ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
19:46:53.0790 0x0e5c GoToAssist - ok
19:46:53.0904 0x0e5c [ D9F1113D9401185245573350712F92FC, 7D8E96B61D7FC1FCC7D70A19DB725BCEA78FE94F3D7AFBB1202771D530A628B7 ] gpsvc C:\Windows\System32\gpsvc.dll
19:46:54.0138 0x0e5c gpsvc - ok
19:46:54.0331 0x0e5c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:46:54.0377 0x0e5c gupdate - ok
19:46:54.0431 0x0e5c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:46:54.0476 0x0e5c gupdatem - ok
19:46:54.0552 0x0e5c [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:46:54.0604 0x0e5c gusvc - ok
19:46:54.0674 0x0e5c [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
19:46:54.0707 0x0e5c hamachi - ok
19:46:54.0815 0x0e5c [ 9DE9A7A19195C57EF38B4EE25422F2D7, EE03EA0F1A1B2DBED01567A0B8C9CF5BCE236FB9E09C9337A9E648982AB6A000 ] Hardlock C:\Windows\system32\drivers\hardlock.sys
19:46:54.0936 0x0e5c Hardlock - ok
19:46:54.0980 0x0e5c hasplms - ok
19:46:55.0025 0x0e5c [ C87B1EE051C0464491C1A7B03FA0BC99, 0EF498A7D37A454E8B6DB1BE3C0EADA648B51B34A2BB553171E766463E54EE90 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:46:55.0202 0x0e5c HDAudBus - ok
19:46:55.0292 0x0e5c [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:46:55.0511 0x0e5c HidBth - ok
19:46:55.0555 0x0e5c [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
19:46:55.0749 0x0e5c HidIr - ok
19:46:55.0801 0x0e5c [ 8FA640195279ACE21BEA91396A0054FC, 20541E5FA29B3FBD8824F3DF93C7D63AFEE56948F82FFDE20E9E87F5C0A3A789 ] hidserv C:\Windows\System32\hidserv.dll
19:46:56.0004 0x0e5c hidserv - ok
19:46:56.0031 0x0e5c [ 854CA287AB7FAF949617A788306D967E, 8C0BC3727C07634FAD35C7184C72B6D48D428F35E612257A833F00CACF4AAB5D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:46:56.0158 0x0e5c HidUsb - ok
19:46:56.0259 0x0e5c [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
19:46:56.0392 0x0e5c hkmsvc - ok
19:46:56.0442 0x0e5c [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:46:56.0483 0x0e5c HpCISSs - ok
19:46:56.0553 0x0e5c [ 299683D4C8AAA3F6F5D5D226A1782A6E, A2ECF52DBDC442F3C9514EC80CE614A9D3F45698E5B0992CF009C66B770E9027 ] HPFXBULK C:\Windows\system32\drivers\hpfxbulk.sys
19:46:56.0585 0x0e5c HPFXBULK - ok
19:46:56.0677 0x0e5c [ 96E241624C71211A79C84F50A8E71CAB, EB6E679218B781F67FBFF4EB12DDE44769ACA7EA3F83A4404A073EA89C902C25 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:46:56.0827 0x0e5c HTTP - ok
19:46:56.0864 0x0e5c [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:46:56.0902 0x0e5c i2omp - ok
19:46:56.0947 0x0e5c [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:46:57.0031 0x0e5c i8042prt - ok
19:46:57.0123 0x0e5c [ FD7F9D74C2B35DBDA400804A3F5ED5D8, 93BAEE15428E9B3FF2D5F7EE156697EA8C24E176C3A8E56D1B1AFF4E541867E4 ] iaStor C:\Windows\system32\drivers\iastor.sys
19:46:57.0178 0x0e5c iaStor - ok
19:46:57.0242 0x0e5c [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:46:57.0305 0x0e5c iaStorV - ok
19:46:57.0437 0x0e5c [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:46:57.0465 0x0e5c IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
19:47:01.0898 0x0e5c Detect skipped due to KSN trusted
19:47:01.0898 0x0e5c IDriverT - ok
19:47:02.0087 0x0e5c [ 7B630ACAED64FEF0C3E1CF255CB56686, 9DCC6953BC6EF77C3916F8AA226CEC0662513A23AB60E9F714D53746E82FB372 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:47:02.0230 0x0e5c idsvc - ok
19:47:02.0538 0x0e5c [ C134E69CE901422D1F2D7EA8D69098FE, 38D7AB6C85C0BCE34B8F52DDBD6F0371DF551003DF6BAE20A2AB1D1349128890 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
19:47:03.0009 0x0e5c igfx - ok
19:47:03.0072 0x0e5c [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:47:03.0113 0x0e5c iirsp - ok
19:47:03.0225 0x0e5c [ 68E8C415E102E5D79FD7E4A765B8CBA4, A5EA0DC9EEEED79D5D08D66D0E7B66F07889774F8AB667AD6839EE23A44E6D16 ] IKEEXT C:\Windows\System32\ikeext.dll
19:47:03.0382 0x0e5c IKEEXT - ok
19:47:03.0477 0x0e5c [ 98D303CCB3415E9202E82043B37D66DC, 53526635EBCA6E2C2E9AAEC68B333CAE6A5FF0008859FCDE3D84A2C9098B30B0 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
19:47:03.0585 0x0e5c IntcHdmiAddService - ok
19:47:03.0650 0x0e5c [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\DRIVERS\intelide.sys
19:47:03.0690 0x0e5c intelide - ok
19:47:03.0726 0x0e5c [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:47:03.0875 0x0e5c intelppm - ok
19:47:03.0920 0x0e5c [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:47:04.0063 0x0e5c IPBusEnum - ok
19:47:04.0123 0x0e5c [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:47:04.0259 0x0e5c IpFilterDriver - ok
19:47:04.0358 0x0e5c [ 6A35D233693EDC29A12742049BC5E37F, 77275407105492A11CDC232E72C8183F0DFD28F8B9AD2A24AAABDB246F14D38F ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
19:47:04.0502 0x0e5c IpHlpSvc - ok
19:47:04.0547 0x0e5c [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:47:04.0691 0x0e5c IPMIDRV - ok
19:47:04.0802 0x0e5c [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:47:04.0927 0x0e5c IPNAT - ok
19:47:05.0032 0x0e5c [ E46B17060D3962A384AE484094614788, 9E8EF45C72A01FA586FF028B62F6675114CC9CBBCE172A789EDA754AE3F79121 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:47:05.0128 0x0e5c iPod Service - ok
19:47:05.0164 0x0e5c [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:47:05.0269 0x0e5c IRENUM - ok
19:47:05.0311 0x0e5c [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:47:05.0351 0x0e5c isapnp - ok
19:47:05.0420 0x0e5c [ F247EEC28317F6C739C16DE420097301, 0F4BE16BB0630DFE2256F70C94D4363B7B71F02F7F6597E7CAE28A3EFEA7BCAD ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:47:05.0477 0x0e5c iScsiPrt - ok
19:47:05.0516 0x0e5c [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:47:05.0557 0x0e5c iteatapi - ok
19:47:05.0579 0x0e5c [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:47:05.0618 0x0e5c iteraid - ok
19:47:05.0664 0x0e5c [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:47:05.0703 0x0e5c kbdclass - ok
19:47:05.0728 0x0e5c [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:47:05.0826 0x0e5c kbdhid - ok
19:47:05.0877 0x0e5c [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] KeyIso C:\Windows\system32\lsass.exe
19:47:05.0939 0x0e5c KeyIso - ok
19:47:06.0002 0x0e5c [ 7A0CF7908B6824D6A2A1D313E5AE3DCA, 903CF1169D984BBDAE114827D82D5CCC88C2BC7CAEE6BB3A299E2572B0751BB6 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:47:06.0091 0x0e5c KSecDD - ok
19:47:06.0177 0x0e5c [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:47:06.0389 0x0e5c KtmRm - ok
19:47:06.0465 0x0e5c [ 1925E63C91CF1610AE41BFD539062079, C25438D19D51B76A8E4C5F3A5D41C76197321166CB37E224217993A4466EBEF9 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:47:06.0556 0x0e5c LanmanServer - ok
19:47:06.0631 0x0e5c [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15, 7B1FAC42B9EA73A8C4E812F8F729EB882BDFD04D2E68FE354CFD6B8379A46D14 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:47:06.0778 0x0e5c LanmanWorkstation - ok
19:47:07.0182 0x0e5c [ ED6923BF4D8D4383893825E2F74E2543, 55B044E09B0D254E5E76A054046CF76B6AB91D3A585630A272B832B3DF94C838 ] LiveUpdateSvc C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
19:47:07.0630 0x0e5c LiveUpdateSvc - ok
19:47:07.0695 0x0e5c [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:47:07.0831 0x0e5c lltdio - ok
19:47:07.0906 0x0e5c [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:47:08.0062 0x0e5c lltdsvc - ok
19:47:08.0110 0x0e5c [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:47:08.0299 0x0e5c lmhosts - ok
19:47:08.0372 0x0e5c [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:47:08.0417 0x0e5c LSI_FC - ok
19:47:08.0450 0x0e5c [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:47:08.0494 0x0e5c LSI_SAS - ok
19:47:08.0529 0x0e5c [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:47:08.0574 0x0e5c LSI_SCSI - ok
19:47:08.0607 0x0e5c [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
19:47:08.0708 0x0e5c luafv - ok
19:47:08.0777 0x0e5c [ A1D52DB330E18B5A7A718D31D950CA87, D3BE0C13EB0001841B0BA3B401783C0CDA247023BAF8351EBDDB48264AB2E20C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:47:08.0816 0x0e5c MBAMProtector - ok
19:47:09.0113 0x0e5c [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
19:47:09.0434 0x0e5c MBAMScheduler - ok
19:47:09.0686 0x0e5c [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
19:47:09.0895 0x0e5c MBAMService - ok
19:47:10.0034 0x0e5c [ 5023F594D5448E16F920157174C61358, A8A188CA4E9995BBFCD419680A43EE8AD1E0C7EE529BEC8E0922581386982C4F ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
19:47:10.0084 0x0e5c MBAMSwissArmy - ok
19:47:10.0133 0x0e5c [ 33991F04AD6486D934BA14564B4CF823, E95C8487127BB037665DBA9D8D2D0DD49F13CF0A5390A2BC98595F859C44541D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
19:47:10.0168 0x0e5c MBAMWebAccessControl - ok
19:47:10.0208 0x0e5c [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:47:10.0293 0x0e5c Mcx2Svc - ok
19:47:10.0345 0x0e5c [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
19:47:10.0383 0x0e5c megasas - ok
19:47:10.0466 0x0e5c [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:47:10.0551 0x0e5c MegaSR - ok
19:47:10.0694 0x0e5c [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:47:10.0738 0x0e5c Microsoft Office Groove Audit Service - ok
19:47:10.0783 0x0e5c [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
19:47:10.0911 0x0e5c MMCSS - ok
19:47:10.0966 0x0e5c [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
19:47:11.0084 0x0e5c Modem - ok
19:47:11.0120 0x0e5c [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:47:11.0291 0x0e5c monitor - ok
19:47:11.0331 0x0e5c [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:47:11.0375 0x0e5c mouclass - ok
19:47:11.0415 0x0e5c [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:47:11.0523 0x0e5c mouhid - ok
19:47:11.0559 0x0e5c [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:47:11.0616 0x0e5c MountMgr - ok
19:47:11.0708 0x0e5c [ FC9A9C09B35A93F76A03D5E355FA862C, B7ED57B9D39D547BA2927FC5F02C2475BF131FDB8AD40FFDE72C966506756B56 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:47:11.0769 0x0e5c MozillaMaintenance - ok
19:47:11.0836 0x0e5c [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
19:47:11.0886 0x0e5c mpio - ok
19:47:11.0926 0x0e5c [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:47:12.0018 0x0e5c mpsdrv - ok
19:47:12.0106 0x0e5c [ D1639BA315B0D79DEC49A4B0E1FB929B, 96420572029217FDD78CD286A022EB5F8BAB76EE30F75E48CD69AEE1A4846B53 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:47:12.0259 0x0e5c MpsSvc - ok
19:47:12.0318 0x0e5c [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:47:12.0360 0x0e5c Mraid35x - ok
19:47:12.0402 0x0e5c [ AE3DE84536B6799D2267443CEC8EDBB9, 787AF9D5BC6D1A1E4A55A66D62F0DF93F45C2FB7EA5BE0BF63F1270604600B40 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:47:12.0519 0x0e5c MRxDAV - ok
19:47:12.0588 0x0e5c [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1, 2C5F0554D5A763D6B3F1402C9BF36C6091CBBDFFD5139AEE85D69D5B210D2047 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:47:12.0650 0x0e5c mrxsmb - ok
19:47:12.0724 0x0e5c [ 6B5FA5ADFACAC9DBBE0991F4566D7D55, 9BAD029A6AAF4C2292C682B9F07C57051C84F7FA4F3EBEA52C25CAEF1A41121F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:47:12.0824 0x0e5c mrxsmb10 - ok
19:47:12.0867 0x0e5c [ 5C80D8159181C7ABF1B14BA703B01E0B, 414085AD3C36B8E95D1D49E2958671332DECE38739544CCB70FAB30C408E89A2 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:47:12.0950 0x0e5c mrxsmb20 - ok
19:47:12.0986 0x0e5c [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci C:\Windows\system32\drivers\msahci.sys
19:47:13.0025 0x0e5c msahci - ok
19:47:13.0066 0x0e5c [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:47:13.0116 0x0e5c msdsm - ok
19:47:13.0154 0x0e5c [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
19:47:13.0300 0x0e5c MSDTC - ok
19:47:13.0380 0x0e5c [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:47:13.0537 0x0e5c Msfs - ok
19:47:13.0595 0x0e5c [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:47:13.0634 0x0e5c msisadrv - ok
19:47:13.0687 0x0e5c [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:47:13.0803 0x0e5c MSiSCSI - ok
19:47:13.0844 0x0e5c msiserver - ok
19:47:13.0882 0x0e5c [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:47:14.0006 0x0e5c MSKSSRV - ok
19:47:14.0065 0x0e5c [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:47:14.0206 0x0e5c MSPCLOCK - ok
19:47:14.0240 0x0e5c [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:47:14.0376 0x0e5c MSPQM - ok
19:47:14.0435 0x0e5c [ B5614AECB05A9340AA0FB55BF561CC63, 8D1B5E958A0F721F5A81AD649CC5759B4DECB771FC4654F4EDEB29AC7DF1BD40 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:47:14.0495 0x0e5c MsRPC - ok
19:47:14.0534 0x0e5c [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:47:14.0577 0x0e5c mssmbios - ok
19:47:14.0609 0x0e5c [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:47:14.0717 0x0e5c MSTEE - ok
19:47:14.0751 0x0e5c [ 6DFD1D322DE55B0B7DB7D21B90BEC49C, 95149C41CC9F269C299541A97A9E2E2CCAEE34FE2362EEECD1F813EBC6D4CDC5 ] Mup C:\Windows\system32\Drivers\mup.sys
19:47:14.0797 0x0e5c Mup - ok
19:47:14.0871 0x0e5c [ C43B25863FBD65B6D2A142AF3AE320CA, 88E147751CBECFF31CD65954BC978B86CEA74485EB60DBB25AABAB4601797A4E ] napagent C:\Windows\system32\qagentRT.dll
19:47:15.0082 0x0e5c napagent - ok
19:47:15.0177 0x0e5c [ 3C21CE48FF529BB73DADB98770B54025, B8541E3D2B120B97947AE51B28A99E2623ACAD3790BC282B1251ACBEC7684F8D ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:47:15.0270 0x0e5c NativeWifiP - ok
19:47:15.0384 0x0e5c [ C8560010A542B5DCA94C62468DC20784, AE7584D95B0E9F5E340ADD00AA88563C64462A4FC6440F580B7936FD19D173CA ] NDIS C:\Windows\system32\drivers\ndis.sys
19:47:15.0485 0x0e5c NDIS - ok
19:47:15.0518 0x0e5c [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:47:15.0624 0x0e5c NdisTapi - ok
19:47:15.0661 0x0e5c [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:47:15.0768 0x0e5c Ndisuio - ok
19:47:15.0806 0x0e5c [ 3D14C3B3496F88890D431E8AA022A411, 9B31451756A35314586F93996172E1039B2CD21132CCBE772B3E61A8D9454A30 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:47:15.0927 0x0e5c NdisWan - ok
19:47:15.0967 0x0e5c [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:47:16.0057 0x0e5c NDProxy - ok
19:47:16.0142 0x0e5c [ 69C503C004F49AEE8B8E3067CC047BA7, 0E7A2FB0CC7669E6400EDA4D2220BBB1A85CF3D3529739DA5AE2C073FFA08313 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:47:16.0171 0x0e5c Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
19:47:20.0582 0x0e5c Detect skipped due to KSN trusted
19:47:20.0583 0x0e5c Net Driver HPZ12 - ok
19:47:20.0635 0x0e5c [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:47:20.0773 0x0e5c NetBIOS - ok
19:47:20.0880 0x0e5c [ 7C5FEE5B1C5728507CD96FB4A13E7A02, EDBA08442AD6AF20463A0610FF24D5929574E5EC012495A2C219F6BA84C97F57 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:47:21.0049 0x0e5c netbt - ok
19:47:21.0097 0x0e5c [ A911ECAC81F94ADEAFBE8E3F7873EDB0, 5FC9667F306E16722A46FABCA8FB9C8E7AC24768B9D8415B03F45567F90B8438 ] Netlogon C:\Windows\system32\lsass.exe
19:47:21.0162 0x0e5c Netlogon - ok
19:47:21.0229 0x0e5c [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
19:47:21.0432 0x0e5c Netman - ok
19:47:21.0507 0x0e5c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:47:21.0555 0x0e5c NetMsmqActivator - ok
19:47:21.0578 0x0e5c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:47:21.0635 0x0e5c NetPipeActivator - ok
19:47:21.0693 0x0e5c [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
19:47:21.0880 0x0e5c netprofm - ok
19:47:21.0920 0x0e5c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:47:21.0968 0x0e5c NetTcpActivator - ok
19:47:22.0013 0x0e5c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:47:22.0064 0x0e5c NetTcpPortSharing - ok
19:47:22.0119 0x0e5c [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:47:22.0181 0x0e5c nfrd960 - ok
19:47:22.0343 0x0e5c [ 44C85E4724261178B42D57E129870608, A7543AA517A5207020C6FD1295A29EFDA6FAF235C590F24D0028CCB7C2ACE44B ] NitroDriverReadSpool8 C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
19:47:22.0436 0x0e5c NitroDriverReadSpool8 - ok
19:47:22.0491 0x0e5c [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
19:47:22.0705 0x0e5c NlaSvc - ok
19:47:22.0744 0x0e5c [ ECB5003F484F9ED6C608D6D6C7886CBB, 45496B84B2FD156499E9F07FC82BC6F032B8F4D9DC194098CF9F5474D5642F9E ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:47:22.0925 0x0e5c Npfs - ok
19:47:22.0948 0x0e5c [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
19:47:23.0150 0x0e5c nsi - ok
19:47:23.0175 0x0e5c [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:47:23.0300 0x0e5c nsiproxy - ok
19:47:23.0573 0x0e5c [ B4EFFE29EB4F15538FD8A9681108492D, 12AF3C19DD2DE7D92EE4C03AD07BAFD77EB8BFF2333E6FBD9CAAA0F654A35F46 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:47:23.0822 0x0e5c Ntfs - ok
19:47:23.0863 0x0e5c [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:47:24.0162 0x0e5c ntrigdigi - ok
19:47:24.0237 0x0e5c [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
19:47:24.0374 0x0e5c Null - ok
19:47:24.0451 0x0e5c [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:47:24.0504 0x0e5c nvraid - ok
19:47:24.0544 0x0e5c [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:47:24.0587 0x0e5c nvstor - ok
19:47:29.0489 0x0e5c [ 12B4549D515CB26BB8D375038017CA65, B09ED2BED994D2B04862BBF62EF56F110235D3489D3B1762432F22A3A8F97BB8 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:47:29.0520 0x0e5c Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
19:47:34.0357 0x0e5c Detect skipped due to KSN trusted
19:47:34.0358 0x0e5c Pml Driver HPZ12 - ok
19:47:43.0152 0x0e5c [ C23DBD9BFBA8B1170706E0896B3CF7DA, 3898674C961850581E20B65D96E651A45A23429AB5D11F712704E181B25B528B ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
19:47:43.0179 0x0e5c SCDEmu - detected UnsignedFile.Multi.Generic ( 1 )
19:47:47.0521 0x0e5c Detect skipped due to KSN trusted
19:47:47.0522 0x0e5c SCDEmu - ok
19:47:54.0842 0x0e5c [ 712F59E64E1402237C23C55255FCB364, 448893B9CEE7DD622181B3ED9AB4F84D3FDB4A1082132BD08173653C0783711F ] SRBoxDRv C:\Windows\system32\Drivers\SRBoxDRv.sys
19:47:54.0884 0x0e5c SRBoxDRv - detected UnsignedFile.Multi.Generic ( 1 )
19:47:59.0905 0x0e5c SRBoxDRv ( UnsignedFile.Multi.Generic ) - warning
19:48:24.0142 0x0e5c ws2ifsl - ok
19:48:24.0223 0x0e5c [ 683DD16B590372F2C9661D277F35E49C, 29D86389D95256EEF37BA01D403494385015D926E851A39EC7948FF6EF4E8481 ] wscsvc C:\Windows\system32\wscsvc.dll
19:48:24.0338 0x0e5c wscsvc - ok
19:48:24.0365 0x0e5c WSearch - ok
19:48:24.0730 0x0e5c [ 6298277B73C77FA99106B271A7525163, 9E076697F025167B57D8D66ED0862B184D70324E058BFA36E42D0C6728720B31 ] wuauserv C:\Windows\system32\wuaueng.dll
19:48:25.0324 0x0e5c wuauserv - ok
19:48:25.0405 0x0e5c [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:48:25.0610 0x0e5c WUDFRd - ok
19:48:25.0668 0x0e5c [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:48:25.0901 0x0e5c wudfsvc - ok
19:48:25.0926 0x0e5c ================ Scan global ===============================
19:48:25.0972 0x0e5c [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
19:48:26.0089 0x0e5c [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
19:48:26.0244 0x0e5c [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
19:48:26.0420 0x0e5c [ 2B336AB6286D6C81FA02CBAB914E3C6C, C5ADF6D5BFC00375BA6D0E5D96F36D36ADFBF66325A48358C6317E387FB220EC ] C:\Windows\system32\services.exe
19:48:26.0460 0x0e5c [ Global ] - ok
19:48:26.0461 0x0e5c ================ Scan MBR ==================================
19:48:26.0491 0x0e5c [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:48:27.0642 0x0e5c \Device\Harddisk0\DR0 - ok
19:48:27.0651 0x0e5c ================ Scan VBR ==================================
19:48:27.0664 0x0e5c [ ED337346FF6214B86FAD82E01830E234 ] \Device\Harddisk0\DR0\Partition1
19:48:27.0717 0x0e5c \Device\Harddisk0\DR0\Partition1 - ok
19:48:27.0762 0x0e5c [ 8B921CA17C28CE65E74AACBA88EDAA4B ] \Device\Harddisk0\DR0\Partition2
19:48:27.0802 0x0e5c \Device\Harddisk0\DR0\Partition2 - ok
19:48:27.0804 0x0e5c ================ Scan generic autorun ======================
19:48:27.0954 0x0e5c [ D8B83790F45403B83D24FC63310E3BC7, 627245DC56B55EC3851DC6BA594175841EA38D67C27A53B020C9C97859257AA4 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
19:48:28.0143 0x0e5c SynTPEnh - ok
19:48:28.0299 0x0e5c [ 267B3A856E9F4DB1CABD4E6DB71E07D2, E384B0204375A8E9DCAFB3FD6E72442F3E9418812637F4EFA2653F946EBE8E26 ] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
19:48:28.0336 0x0e5c dscactivate - detected UnsignedFile.Multi.Generic ( 1 )
19:48:33.0090 0x0e5c Detect skipped due to KSN trusted
19:48:33.0090 0x0e5c dscactivate - ok
19:48:41.0667 0x0e5c AV detected via SS2: avast! Antivirus, ?\Program Files\Alwil Software\Avast5\VisthAux.exe ( ), 0x41000 ( enabled : updated )
19:48:41.0815 0x0e5c Win FW state via NFP2: disabled ( not trusted )
19:48:46.0446 0x0e5c ============================================================
19:48:46.0446 0x0e5c Scan finished
19:48:46.0446 0x0e5c ============================================================
19:48:46.0485 0x05ac Detected object count: 1
19:48:46.0485 0x05ac Actual detected object count: 1
19:49:01.0963 0x05ac SRBoxDRv ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:01.0963 0x05ac SRBoxDRv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:06.0916 0x0524 Deinitialize success
Junk (from the Command Prompt)
2016-05-20 20:30:57, Info CSI 00000141 [SR] Verifying 100 (0x00000064) components
2016-05-20 20:30:57, Info CSI 00000142 [SR] Beginning Verify and Repair transaction
2016-05-20 20:31:01, Info CSI 00000144 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:31:06, Info CSI 00000146 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:31:06, Info CSI 00000147 [SR] This component was referenced by [l:160{80}]"Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-187_neutral_GDR"
2016-05-20 20:31:07, Info CSI 0000014a [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted
2016-05-20 20:31:10, Info CSI 0000014c [SR] Verify complete
2016-05-20 20:33:42, Info CSI 0000015e [SR] Verifying 100 (0x00000064) components
2016-05-20 20:33:42, Info CSI 0000015f [SR] Beginning Verify and Repair transaction
2016-05-20 20:33:44, Info CSI 00000161 [SR] Cannot repair member file [l:34{17}]"Solitaire.exe.mui" of Microsoft-Windows-Shell-InboxGames-Solitaire.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:34:00, Info CSI 00000163 [SR] Cannot repair member file [l:34{17}]"Solitaire.exe.mui" of Microsoft-Windows-Shell-InboxGames-Solitaire.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:34:00, Info CSI 00000164 [SR] This component was referenced by [l:188{94}]"Microsoft-Windows-Shell-InboxGames-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386.Solitaire"
2016-05-20 20:34:00, Info CSI 00000167 [SR] Could not reproject corrupted file [ml:520{260},l:104{52}]"\??\C:\Program Files\Microsoft Games\Solitaire\en-US"\[l:34{17}]"Solitaire.exe.mui"; source file in store is also corrupted
2016-05-20 20:34:01, Info CSI 00000169 [SR] Verify complete
2016-05-20 20:34:03, Info CSI 0000016a [SR] Verifying 100 (0x00000064) components
2016-05-20 20:34:03, Info CSI 0000016b [SR] Beginning Verify and Repair transaction
2016-05-20 20:34:36, Info CSI 0000016d [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:34:43, Info CSI 0000016f [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:34:43, Info CSI 00000170 [SR] This component was referenced by [l:158{79}]"Package_20_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-33_neutral_GDR"
2016-05-20 20:34:43, Info CSI 00000173 [SR] Could not reproject corrupted file [ml:520{260},l:72{36}]"\??\C:\Program Files\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2016-05-20 20:34:59, Info CSI 00000175 [SR] Verify complete
2016-05-20 20:41:41, Info CSI 000001c5 [SR] Verifying 36 (0x00000024) components
2016-05-20 20:41:41, Info CSI 000001c6 [SR] Beginning Verify and Repair transaction
2016-05-20 20:41:46, Info CSI 000001c8 [SR] Verify complete
2016-05-20 20:41:46, Info CSI 000001c9 [SR] Repairing 3 components
2016-05-20 20:41:46, Info CSI 000001ca [SR] Beginning Verify and Repair transaction
2016-05-20 20:41:46, Info CSI 000001cc [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info CSI 000001ce [SR] Cannot repair member file [l:34{17}]"Solitaire.exe.mui" of Microsoft-Windows-Shell-InboxGames-Solitaire.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info CSI 000001d0 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info CSI 000001d2 [SR] Cannot repair member file [l:34{17}]"Solitaire.exe.mui" of Microsoft-Windows-Shell-InboxGames-Solitaire.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info CSI 000001d3 [SR] This component was referenced by [l:188{94}]"Microsoft-Windows-Shell-InboxGames-Package~31bf3856ad364e35~x86~en-US~6.0.6000.16386.Solitaire"
2016-05-20 20:41:46, Info CSI 000001d6 [SR] Could not reproject corrupted file [ml:520{260},l:104{52}]"\??\C:\Program Files\Microsoft Games\Solitaire\en-US"\[l:34{17}]"Solitaire.exe.mui"; source file in store is also corrupted
2016-05-20 20:41:46, Info CSI 000001d8 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info CSI 000001d9 [SR] This component was referenced by [l:160{80}]"Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-187_neutral_GDR"
2016-05-20 20:41:46, Info CSI 000001dc [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted
2016-05-20 20:41:46, Info CSI 000001de [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-05-20 20:41:46, Info CSI 000001df [SR] This component was referenced by [l:158{79}]"Package_20_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-33_neutral_GDR"
2016-05-20 20:41:46, Info CSI 000001e2 [SR] Could not reproject corrupted file [ml:520{260},l:72{36}]"\??\C:\Program Files\Windows Sidebar"\[l:24{12}]"settings.ini"; source file in store is also corrupted
2016-05-20 20:41:46, Info CSI 000001e4 [SR] Repair complete
2016-05-20 20:41:47, Info CSI 000001e5 [SR] Committing transaction
2016-05-20 20:41:47, Info CSI 000001e9 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-05-2016
Ran by Stevo (administrator) on AGNES (21-05-2016 08:18:30)
Running from C:\Users\Stevo.Agnes\Downloads
Loaded Profiles: Stevo (Available Profiles: Stevo & Stevo.old)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Simnet Ltd. ) C:\Program Files\Simnet\Simple Sticky Notes\ssn.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(KMP Media co.,Ltd) C:\Program Files\The KMPlayer\KMPlayer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
( ) C:\Users\Stevo.Agnes\Desktop\VEW.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-05-10] (Synaptics, Inc.)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avast] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4297136 2012-10-31] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-08-04] (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2007-04-17] (UPEK Inc.)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [Simple Sticky Notes] => C:\Program Files\Simnet\Simple Sticky Notes\ssn.exe [552096 2013-05-25] (Simnet Ltd. )
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\photoscreensaver.scr [704512 2008-01-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli psqlpwd
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2012-10-31] (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2009-08-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-04-17] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Fingerprint Reader Suite\farchns.dll [2007-04-17] (UPEK Inc.)
Startup: C:\Users\Stevo.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2008-08-13]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Stevo.old\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-02-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Stevo.old_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2008-08-04]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C50C14DC-FFFF-4833-96AA-E3AA1792C207}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131071703050538729&GUID=8DAB5BAA-6A9E-4D5E-A184-CC50DD57C51A
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.joinred.com/
SearchScopes: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> DefaultScope E7553573543A49A0909FAAD87F40D908 URL = hxxp://yandex.com/yandsearch?win=160&clid=1989596&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> E7553573543A49A0909FAAD87F40D908 URL = hxxp://yandex.com/yandsearch?win=160&clid=1989596&text={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-31] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2001-08-10] ()
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-31] (AVAST Software)
Toolbar: HKU\S-1-5-21-3227243064-1642654041-612091633-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems Incorporated)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()
FireFox:
========
FF ProfilePath: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-05-08] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2012-11-29] (Nitro PDF)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.14 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2009-02-05] (Veetle, Inc.)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.14 -> C:\Program Files\Veetle\Player\npvlc.dll [2009-02-13] (VideoLAN Team)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-3227243064-1642654041-612091633-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2008-06-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-09-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-09-20] (Apple Inc.)
FF SearchPlugin: C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\searchplugins\yandex.com-161732.xml [2015-01-24]
FF Extension: Performance Cache - C:\Users\Stevo.Agnes\AppData\Roaming\Mozilla\Firefox\Profiles\f3h28uym.default\Extensions\[email protected] [2008-01-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-03-30] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-02-20]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.yandex.com/?__PARAM__from=chromehp
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Profile: C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-07]
CHR Extension: (avast! WebRep) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-03-31]
CHR Extension: (YousableTubeFix for Chrome) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchfimlohbodnpamghfgfgabbnfajpbe [2013-03-21]
CHR Extension: (Boomerang for Gmail) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stevo.Agnes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-07]
CHR HKLM\...\Chrome\Extension: [cncgohepihcekklokhbhiblhfcmipbdh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehngeifmelphpllncobkmimphfkckne] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2012-10-31]
Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.com/?win=160&clid=1989595"
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
S4 emaudsv; C:\Windows\system32\emaudsv.exe [20992 2007-11-26] (E-MU Systems)
S4 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-01-13] (Macrovision Europe Ltd.) [File not signed]
S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-08-04] (Citrix Online, a division of Citrix Systems, Inc.)
S4 hasplms; C:\Windows\system32\hasplms.exe [2558464 2008-03-19] (Aladdin Knowledge Systems Ltd.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
S4 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2012-11-29] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-19] (Dell Inc.) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [350720 2008-03-18] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [14976 2007-07-05] (Aladdin Knowledge Systems Ltd.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [35928 2012-10-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [625152 2008-08-02] (Microsoft Corporation) [File not signed]
S3 emusba10; C:\Windows\System32\DRIVERS\emusba10.sys [163352 2007-11-26] (E-MU Systems)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [56572 2008-11-02] (PowerISO Computing, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-12] (Duplex Secure Ltd.)
S3 SRBoxDRv; C:\Windows\System32\Drivers\SRBoxDRv.sys [11776 2006-04-12] (Psychology Software Tools) [File not signed]
U3 anvnwc6h; C:\Windows\system32\Drivers\anvnwc6h.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U3 aoh1dcbs; C:\Windows\system32\Drivers\aoh1dcbs.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-21 08:18 - 2016-05-21 08:19 - 00023316 _____ C:\Users\Stevo.Agnes\Downloads\FRST.txt
2016-05-20 21:33 - 2016-05-20 21:33 - 00061440 _____ ( ) C:\Users\Stevo.Agnes\Desktop\VEW.exe
2016-05-20 19:45 - 2016-05-20 19:49 - 00194016 _____ C:\TDSSKiller.3.1.0.9_20.05.2016_19.45.31_log.txt
2016-05-20 19:42 - 2016-05-20 19:45 - 00191492 _____ C:\TDSSKiller.3.1.0.9_20.05.2016_19.42.39_log.txt
2016-05-20 19:40 - 2016-05-20 19:40 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Stevo.Agnes\Desktop\tdsskiller.exe
2016-05-20 19:36 - 2016-05-20 19:36 - 00029399 _____ C:\ComboFix.txt
2016-05-20 18:38 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-20 18:38 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-20 18:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-20 18:38 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-20 18:37 - 2016-05-20 19:36 - 00000000 ____D C:\Qoobox
2016-05-20 18:36 - 2016-05-20 19:32 - 00000000 ____D C:\Windows\erdnt
2016-05-20 18:36 - 2016-05-20 18:36 - 05659526 ____R (Swearware) C:\Users\Stevo.Agnes\Desktop\ComboFix.exe
2016-05-20 18:34 - 2016-05-20 18:34 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2016-05-20 18:33 - 2013-10-16 16:40 - 04009167 _____ C:\Users\Stevo.Agnes\Desktop\ServicesRepair.exe
2016-05-20 18:29 - 2016-05-20 18:30 - 00014922 _____ C:\Users\Stevo.Agnes\Downloads\Fixlog.txt
2016-05-20 18:27 - 2016-05-20 18:28 - 01732608 _____ (Farbar) C:\Users\Stevo.Agnes\Downloads\FRST.exe
2016-05-17 09:58 - 2016-05-17 09:58 - 00298819 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Still-no-flying-cars-The-future-promises-something-better-int.pdf
2016-05-13 10:18 - 2016-05-13 10:21 - 00000000 ____D C:\Users\Stevo.Agnes\Desktop\SM - Matej
2016-05-12 13:39 - 2016-05-12 13:39 - 00310128 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Wealth-therapy-for-the-rich-int.pdf
2016-05-12 13:38 - 2016-05-12 13:38 - 00321309 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Wealth-therapy-for-the-rich-adv.pdf
2016-05-12 13:27 - 2016-05-12 13:28 - 00420192 _____ () C:\Users\Stevo.Agnes\Downloads\DellSystemDetectLauncher.exe
2016-05-12 13:15 - 2016-05-12 13:15 - 00000000 ____D C:\Windows\pss
2016-05-10 19:08 - 2016-05-10 19:08 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\uTorrent
2016-05-10 13:32 - 2016-05-10 13:33 - 00304940 _____ C:\Users\Stevo.Agnes\Downloads\WNL-Vienna-named-worlds-top-city-for-quality-of-life-int.pdf
2016-05-09 22:35 - 2016-05-11 06:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-09 20:13 - 2016-05-09 20:15 - 00000000 ____D C:\Users\Stevo.Agnes\Downloads\Game.of.Thrones.S06E03.HDTV.x264-KILLERS[ettv]
2016-05-09 10:47 - 2016-05-21 03:42 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 10:46 - 2016-05-09 10:46 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-09 10:45 - 2016-05-09 10:45 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-09 10:45 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-09 10:45 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-09 10:45 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-09 09:55 - 2016-05-09 09:55 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\ProductData
2016-05-09 09:55 - 2016-05-09 09:55 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\IObit
2016-05-09 09:54 - 2016-05-09 09:56 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\IObit
2016-05-09 09:54 - 2016-05-09 09:55 - 00000000 ____D C:\Program Files\IObit
2016-05-09 09:54 - 2016-05-09 09:54 - 00001931 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-05-08 20:11 - 2016-05-08 20:11 - 00056768 _____ C:\Users\Stevo.Agnes\Desktop\Nejtiv-LOGO.pdf
2016-05-08 14:07 - 2016-05-08 14:07 - 00000000 ____D C:\Windows\system32\Lang
2016-05-08 14:07 - 2008-01-29 09:46 - 00920088 _____ (Intel® Corporation) C:\Windows\system32\igxpun.exe
2016-05-08 14:07 - 2006-11-10 16:25 - 00319456 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll
2016-05-08 14:05 - 2008-01-29 09:47 - 00530968 _____ (Intel Corporation) C:\Windows\system32\igfxcfg.exe
2016-05-08 14:05 - 2008-01-29 09:47 - 00170520 _____ (Intel Corporation) C:\Windows\system32\igfxzoom.exe
2016-05-08 14:05 - 2008-01-29 09:47 - 00170520 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-05-08 14:05 - 2008-01-29 09:47 - 00141848 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2016-05-07 06:48 - 2016-05-21 08:18 - 00000000 ____D C:\FRST
2016-05-07 06:31 - 2016-05-07 06:38 - 00380240 _____ C:\Users\Stevo.Agnes\Desktop\cc_20160507_063101.reg
2016-05-06 21:37 - 2016-05-09 15:06 - 00000927 _____ C:\Users\Stevo.Agnes\Desktop\zdroje_MO.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-21 08:05 - 2013-07-15 18:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-21 08:02 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 08:02 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 06:30 - 2010-03-31 12:14 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 04:09 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2016-05-20 20:08 - 2012-08-12 14:45 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-20 20:08 - 2011-08-18 18:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-20 20:06 - 2010-03-31 12:14 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-20 20:05 - 2012-06-01 09:40 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Local\TSVNCache
2016-05-20 20:02 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 20:01 - 2006-11-02 15:01 - 00032614 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-20 19:24 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2016-05-17 10:06 - 2012-06-01 13:58 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\Skype
2016-05-13 10:19 - 2008-08-04 17:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-05-13 10:16 - 2008-08-04 17:31 - 00000000 ____D C:\Program Files\Adobe
2016-05-13 08:00 - 2014-07-30 21:29 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\uTorrent
2016-05-13 07:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2016-05-12 08:59 - 2012-06-01 09:46 - 00084992 ____H C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-12 07:34 - 2012-06-01 14:19 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\Dropbox
2016-05-11 21:56 - 2013-04-17 17:13 - 00000000 ____D C:\Users\Stevo.Agnes\Documents\DesktopReminder
2016-05-11 12:34 - 2014-02-16 13:49 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 08:56 - 2006-11-02 12:24 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-05-11 06:54 - 2012-05-28 08:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-05-10 19:08 - 2012-06-02 12:38 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\Temp
2016-05-10 18:45 - 2013-03-01 21:13 - 00000000 ____D C:\Program Files\Diablo II
2016-05-10 18:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Help
2016-05-10 13:14 - 2012-06-10 19:38 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Roaming\vlc
2016-05-09 10:35 - 2012-08-20 12:01 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\LocalLow\Unity
2016-05-09 10:35 - 2012-08-20 12:01 - 00000000 ____D C:\Users\Stevo.Agnes\AppData\Local\Unity
2016-05-09 09:50 - 2012-06-01 09:42 - 00000000 ____D C:\Users\Stevo.Agnes\.jedit
2016-05-08 14:11 - 2012-06-01 09:39 - 00000000 ____D C:\Users\Stevo.Agnes
2016-05-08 14:06 - 2008-08-13 17:33 - 00000000 ____D C:\Intel
2016-05-08 14:05 - 2008-08-04 19:56 - 00000000 ____D C:\DELL
2016-05-08 13:20 - 2006-11-02 13:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-04-21 15:05 - 2010-09-16 08:22 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2012-06-01 14:05 - 2012-06-01 14:05 - 0000600 _____ () C:\Users\Stevo.Agnes\AppData\Roaming\winscp.rnd
2012-06-01 11:37 - 2015-02-21 18:24 - 0006648 _____ () C:\Users\Stevo.Agnes\AppData\Local\d3d9caps.dat
2012-06-01 09:46 - 2016-05-12 08:59 - 0084992 ____H () C:\Users\Stevo.Agnes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-01 14:06 - 2012-06-01 14:19 - 0000600 _____ () C:\Users\Stevo.Agnes\AppData\Local\PUTTY.RND
2013-05-17 02:42 - 2013-05-17 02:42 - 0001360 _____ () C:\Users\Stevo.Agnes\AppData\Local\recently-used.xbel
2009-02-03 19:54 - 2009-02-03 19:54 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2010-09-20 12:39 - 2010-09-20 16:12 - 0004465 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-21 08:14
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-05-2016
Ran by Stevo (2016-05-21 08:21:25)
Running from C:\Users\Stevo.Agnes\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) (2008-08-04 10:10:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3227243064-1642654041-612091633-500 - Administrator - Disabled)
Guest (S-1-5-21-3227243064-1642654041-612091633-501 - Limited - Enabled)
Stevo (S-1-5-21-3227243064-1642654041-612091633-1000 - Administrator - Enabled) => C:\Users\Stevo.Agnes
Stevo.old (S-1-5-21-3227243064-1642654041-612091633-1001 - Administrator - Enabled) => C:\Users\Stevo.old
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 4.1.1 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM\...\Adobe_8bb24e071e5922899698c2105557bd2) (Version: 1.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Muse (HKLM\...\AdobeMuse) (Version: 5.0.704 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
akustyk (HKLM\...\akustyk) (Version: - )
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
avast! Free Antivirus (HKLM\...\avast) (Version: 7.0.1474.0 - AVAST Software)
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.01 - Broadcom Corporation)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
calibre (HKLM\...\{DA9E9010-058B-4159-8CC5-28298D90AE7B}) (Version: 0.7.49 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version: - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version: - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Desktop-Reminder 2 (HKLM\...\Desktop-Reminder 2) (Version: 2.56 - Polenter - Software Solutions)
Desktop-Reminder 2 (Version: 2.56 - Polenter - Software Solutions) Hidden
Diablo II (HKLM\...\Diablo II) (Version: - )
Diablo II (HKU\S-1-5-21-3227243064-1642654041-612091633-1000\...\Diablo II) (Version: - )
DMDX (HKLM\...\{D64B6C54-1BBF-4E72-B535-6FE3E0AFFEDF}) (Version: 1.0.0.0 - University of Arizona Psychology Dept.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
eM Client (HKLM\...\{B1E24C9A-ADF2-491A-AE71-12F4C66218E7}) (Version: 5.0.18025.0 - eM Client Inc.)
Email Verifier (HKLM\...\Email Verifier) (Version: - Live Software Inc)
Email Verifier (Version: 6.2 - Live Software Inc) Hidden
Emu Patch version 2.2.4_2 (HKLM\...\Emu Patch_is1) (Version: 2.2.4_2 - University Munich)
Emu Speech Tools (HKLM\...\Emu_is1) (Version: 2.2.4 - University Munich)
E-MU USB Audio (HKLM\...\{1C99893D-BC98-4456-AA3E-B67AB42301A6}) (Version: 1.0 - )
English Pronouncing Dictionary (HKLM\...\English Pronouncing Dictionary) (Version: - )
E-Prime 2.0 (2.0.8.22) (HKLM\...\{ADF3275B-23D9-4714-B357-4DED9D6EE705}) (Version: 2.0.08022 - Psychology Software Tools, Inc.)
Epson Easy Photo Print 2 (HKLM\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX125 Series Manual (HKLM\...\EPSON SX125 Series Manual) (Version: - )
EPSON SX125 Series Printer Uninstall (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Fingerprint Reader Suite 5.6 (HKLM\...\{A2289997-10A3-48F2-AA03-99180D761661}) (Version: 5.6.2.3476 - UPEK Inc.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Hardcore (HKLM\...\Hardcore) (Version: - Image-Line)
IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.3.0.138 - IObit)
IPA/SAM Phonetics Fonts (HKLM\...\IPA/SAM Phonetic Fonts_is1) (Version: - University College London)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
Laptop Integrated Webcam Driver (1.04.01.1011) (HKLM\...\Creative OEM002) (Version: - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.5.3104.1 - Creative)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2007a (HKLM\...\MatlabR2007a) (Version: 7.4 - The MathWorks, Inc.)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
Mozilla Thunderbird 17.0.7 (x86 en-US) (HKLM\...\Mozilla Thunderbird 17.0.7 (x86 en-US)) (Version: 17.0.7 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Micro 8.1.1.4 (HKLM\...\Nero8Lite_is1) (Version: 8.1.1.4 - Updatepack.nl)
Nitro Pro 8 (HKLM\...\{F70D8C2A-9320-4DDC-8693-6E7DEAA5B096}) (Version: 8.0.9.8 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 5.8.7 - )
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PCFriendly (HKLM\...\PCFriendly) (Version: - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)
PowerISO (HKLM\...\PowerISO) (Version: - )
pzizz (HKLM\...\pzizz) (Version: 2.7.3.0 - Brainwave)
QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
R for Windows 2.10.0 (HKLM\...\R for Windows 2.10.0_is1) (Version: 2.10.0 - R Development Core Team)
Sawer (HKLM\...\Sawer) (Version: - Image-Line)
Simple Sticky Notes 2.1 (HKLM\...\Simple Sticky Notes_is1) (Version: - Simnet Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Noise Reduction Plug-In 2.0e (HKLM\...\{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}) (Version: 2.0.444 - Sony)
Sony Sound Forge 9.0 (HKLM\...\{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}) (Version: 9.0.297 - Sony)
SPSS 16.0 (HKLM\...\{9A657E90-E2B7-44DE-8929-055948162595}) (Version: 16.0.0 - SPSS Inc.)
Sublime Text 2.0.1 (HKLM\...\Sublime Text 2_is1) (Version: - )
Subversion (HKLM\...\{522C39C5-F781-49E5-AE1D-FE8A16B1A61A}) (Version: 1.6.6 - CollabNet)
The Bridge (HKLM\...\The Bridge_is1) (Version: - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.4.0.55 - KMP Media co., Ltd)
TortoiseSVN 1.6.6.17493 (32 bit) (HKLM\...\{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}) (Version: 1.6.17493 - TortoiseSVN)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50 - C. Ghisler & Co.)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)
Transcriber 1.5.1 (HKLM\...\Transcriber_is1) (Version: - DGA)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Veetle TV 0.9.14 (HKLM\...\Veetle TV) (Version: 0.9.14 - Veetle, Inc)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Mail (HKLM\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version: 12.0.1606.1023 - Microsoft Corporation)
Windows Live Photo Gallery (HKLM\...\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}) (Version: 12.0.1329.0201 - Microsoft Corporation)
Windows Live Writer (HKLM\...\{9176251A-4CC1-4DDB-B343-B487195EB397}) (Version: 12.0.1370.0325 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 4.1.6 (HKLM\...\winscp3_is1) (Version: 4.1.6 - Martin Prikryl)
XNote Stopwatch (HKLM\...\XNote Stopwatch) (Version: 1.63 - dnSoft Research Group)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3227243064-1642654041-612091633-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0090489B-E1D5-4736-99C6-AA7B25EF255B} - System32\Tasks\{1C71A993-704C-489F-BFA0-F75B6BDDE21A} => pcalua.exe -a "C:\Downloads\Nero 7 Premium\Nero_7_Premium.exe" -d "C:\Downloads\Nero 7 Premium"
Task: {03734FDB-CC5C-479B-A36E-FC7F47A9D56F} - System32\Tasks\AdobeAAMUpdater-1.0-Agnes-Stevo => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {0CB9BF4C-D160-4244-973F-46620F8EBD28} - System32\Tasks\{147ED7DF-D319-4976-B64E-3CF7E2C4A18E} => pcalua.exe -a C:\Windows\System32\igfxcfg.exe -d C:\Windows\system32
Task: {1699F5AF-65A3-428D-81C9-D7C219B29F28} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {2B53710A-5AA0-4BDE-B162-04E771C4A787} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {36E83CD5-08ED-4159-94FA-4B5040A12616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3A14D099-9E0C-4C65-8568-57BE42B7E39B} - System32\Tasks\{58F050AE-3EA9-4F50-84BF-66FD009CF0EE} => pcalua.exe -a "C:\Program Files\Sony Setup\Vegas Pro 8.0\Setup.exe" -d "C:\Program Files\Sony Setup\Vegas Pro 8.0"
Task: {488733A4-D06E-4AE3-A5A2-1EAEBE6964E3} - System32\Tasks\{D3D566E7-3204-4E2E-AC4D-E7B05105FEE6} => pcalua.exe -a C:\Users\Stevo\Documents\administrative\Diam_soft\Matlab\Program\setup.exe -d C:\Users\Stevo\Documents\administrative\Diam_soft\Matlab\Program
Task: {531D29CD-3309-487B-BC5B-2ED4A6757FDC} - System32\Tasks\{9A7F3D14-59DE-49FA-B04C-CE19F451F6F8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.22.0.109/sk/abandoninstall?page=tsProgressBar
Task: {6E378AB6-BDDE-421D-8341-CF61A36FA4E7} - System32\Tasks\RunAsStdUser Task => c:\program files\matlab\r2010a\MATLAB R2010a.lnk [2011-08-04] ()
Task: {83C972DA-1518-46A7-B1B4-7942845AA8C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20] (Adobe Systems Incorporated)
Task: {ABABE7CA-2DCB-48F6-B9F6-DD781E8CA566} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D18C4988-57CC-481E-A024-58E547C658E6} - System32\Tasks\Uninstaller_SkipUac_Stevo => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-25] (IObit)
Task: {FD25EE92-C12C-421A-B96F-92EA97BC0C8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FE930BAA-C912-4B10-A747-B909BEF06C79} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-04-11] (Avast Software s.r.o.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1280,800
ShortcutWithArgument: C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1280,800
==================== Loaded Modules (Whitelisted) ==============
2008-08-04 17:29 - 2008-05-19 08:26 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-08-04 17:29 - 2008-05-19 08:25 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2016-05-20 19:26 - 2016-05-20 18:03 - 02926592 _____ () C:\Program Files\Alwil Software\Avast5\defs\16052006\algo.dll
2009-12-11 17:24 - 2001-08-10 15:23 - 00388608 _____ () C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll
2010-11-08 17:15 - 2010-11-08 17:15 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2013-03-01 21:24 - 2013-03-01 21:24 - 00043520 _____ () C:\Windows\system32\CmdLineExt03.dll
2009-10-20 01:11 - 2009-10-20 01:11 - 00101128 _____ () C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
2013-06-03 14:44 - 2012-12-04 21:19 - 00378368 _____ () C:\Program Files\Simnet\Simple Sticky Notes\sqlite3.dll
2012-10-31 10:59 - 2012-10-31 10:59 - 04562432 _____ () C:\Program Files\The KMPlayer\libcodec.dll
2008-12-05 09:42 - 2008-12-05 09:42 - 00123036 _____ () C:\Program Files\The KMPlayer\libmad.dll
2012-10-31 10:59 - 2012-10-31 10:59 - 00538112 _____ () C:\Program Files\The KMPlayer\libmplay.dll
2016-05-08 10:05 - 2016-05-08 10:06 - 19403968 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2016-05-20 19:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3227243064-1642654041-612091633-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stevo.Agnes\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: emaudsv => 2
MSCONFIG\Services: EPSON_EB_RPCV4_04 => 2
MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\startupfolder: C:^Users^Stevo.Agnes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DesktopReminder2ByPolenter => "C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe" -silent
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: OEM02Mon.exe => C:\Windows\OEM02Mon.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{AD5CFB18-5D42-4032-ADB9-EDF4969E3EA7}] => (Allow) LPort=80
FirewallRules: [{8FC3E496-32D4-4404-9A9E-66167CDA935C}] => (Allow) LPort=80
FirewallRules: [{E974353A-C32F-4379-9E0B-168CDDFB689D}] => (Allow) LPort=80
==================== Restore Points =========================
10-05-2016 07:12:09 Windows Update
10-05-2016 21:57:17 Windows Update
11-05-2016 07:35:46 Windows Update
11-05-2016 08:30:10 Windows Update
13-05-2016 07:51:57 Windows Update
16-05-2016 18:28:47 Scheduled Checkpoint
17-05-2016 08:31:37 Scheduled Checkpoint
17-05-2016 09:35:48 Windows Update
18-05-2016 12:04:15 Scheduled Checkpoint
19-05-2016 14:58:24 Scheduled Checkpoint
20-05-2016 07:23:21 Windows Update
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/20/2016 08:06:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (05/20/2016 08:04:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/20/2016 08:03:30 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: STacSV connection to InputMonitor COM interface failed
System errors:
=============
Error: (05/21/2016 08:16:51 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a46\SystemRoot\System32\Config\RegBack\COMPONENTS
Error: (05/21/2016 08:01:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (05/21/2016 08:01:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (05/20/2016 08:06:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Microsoft .NET Framework NGEN v4.0.30319_X8611200001Restart the service
Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: MBAMWebAccessControlBFE
Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: MBAMWebAccessControlBFE
Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (05/20/2016 08:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
CodeIntegrity:
===================================
Date: 2016-05-21 08:21:23.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-21 08:21:20.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-21 08:21:19.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-21 08:21:18.614
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-21 08:21:17.574
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-21 08:21:16.589
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-21 08:20:46.824
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-21 08:20:46.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-21 08:20:45.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-05-21 08:20:44.831
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 3573.12 MB
Available physical RAM: 1118.4 MB
Total Virtual: 7345.22 MB
Available Virtual: 4732.59 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:285.5 GB) (Free:5.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.86 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 78000000)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================