Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I've got a nasty infection. Total Codec Pack.

Re: I've got a nasty infection. Total Codec Pack.

Post by rigidee » October 9th, 2014, 1:00 pm

Hi pgmigg,

I was able to shut down, wait over a minute, then switch on my computer. I then restarted it again, all without the black screen problem. I just completed step 3, and here is the log file:

Zoek.exe v5.0.0.0 Updated 07-October-2014
Tool run by Rob on Thu 10/09/2014 at 11:15:40.92.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rob\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

10/9/2014 11:18:11 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2186564753-274233747-90243057-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CF02F5E1-5DBE-4BA9-B4D3-5BD1E66FD5F7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\SopCast deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\extensions.sqlite deleted
C:\Users\Rob\AppData\Roaming\mcp.ico deleted
C:\Users\Rob\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\PROGRA~3\AVG SafeGuard toolbar deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Rob\AppData\Local\AVG SafeGuard toolbar deleted
C:\Users\Rob\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\Wise Care 365.job deleted
C:\Windows\tasks\Wise Turbo Checker.job deleted
C:\windows\SysNative\tasks\Wise Care 365 deleted
C:\windows\SysNative\tasks\Wise Turbo Checker deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Rob\AppData\Roaming\ScanDisc.exe deleted
"C:\PROGRA~2\Coupons\CouponPrinterService.exe" deleted
"C:\PROGRA~2\Coupons\CouponPrinterService.exe" deleted
"C:\PROGRA~2\AVG SafeGuard toolbar\TBAPI.dll" deleted
"C:\PROGRA~2\Coupons" not deleted
"C:\PROGRA~2\Coupons" not deleted
"C:\PROGRA~2\AVG SafeGuard toolbar" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"avg@toolbar"="C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [10/04/2014 10:36 PM]

==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kpckgflgdapkpabemgkielbefdildaio - C:\Users\Rob\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx[]

Google Voice Search Hotword (Beta) - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Poppit - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
Bastion - Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://mysearch.avg.com/?cid=%7BEE31F0F3-E36D-4E2E-ACF5-3716D2B9CAE6%7D&mid=489fa0ee60ed47d3a054d15097a4ad12-b2caa50913269d80d7a53207c62e1096c522756e&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05%2023:08:50&v=18.1.9.799&pid=safeguard&sg=0&sap=hp"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear"
{87EE648D-33A6-4780-AC1D-5E37ACCF2E41} Google Url="https://www.google.com/search?q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kpckgflgdapkpabemgkielbefdildaio deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMSTD9A8 will be deleted at reboot
C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=431 folders=275 112785947 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Rob\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Rob\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat" not found
"C:\PROGRA~2\Coupons" not found
"C:\PROGRA~2\Coupons" not found
"C:\PROGRA~2\AVG SafeGuard toolbar" not found
"C:\Users\Rob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMSTD9A8" not found

==== EOF on Thu 10/09/2014 at 11:54:03.37 ======================
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Post by rigidee » October 9th, 2014, 1:10 pm

Step 4, split in two posts:

12:03:48.0362 0x0e9c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
12:04:01.0802 0x0e9c ============================================================
12:04:01.0802 0x0e9c Current date / time: 2014/10/09 12:04:01.0802
12:04:01.0802 0x0e9c SystemInfo:
12:04:01.0802 0x0e9c
12:04:01.0802 0x0e9c OS Version: 6.1.7601 ServicePack: 1.0
12:04:01.0802 0x0e9c Product type: Workstation
12:04:01.0802 0x0e9c ComputerName: ROB-PC
12:04:01.0805 0x0e9c UserName: Rob
12:04:01.0805 0x0e9c Windows directory: C:\Windows
12:04:01.0805 0x0e9c System windows directory: C:\Windows
12:04:01.0805 0x0e9c Running under WOW64
12:04:01.0805 0x0e9c Processor architecture: Intel x64
12:04:01.0805 0x0e9c Number of processors: 2
12:04:01.0805 0x0e9c Page size: 0x1000
12:04:01.0805 0x0e9c Boot type: Normal boot
12:04:01.0805 0x0e9c ============================================================
12:04:03.0443 0x0e9c KLMD registered as C:\Windows\system32\drivers\84704145.sys
12:04:03.0815 0x0e9c System UUID: {C72E2B4E-B9AE-1811-2566-069676101AAF}
12:04:05.0061 0x0e9c Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 ( 149.01 Gb ), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:04:05.0068 0x0e9c Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:04:05.0087 0x0e9c ============================================================
12:04:05.0087 0x0e9c \Device\Harddisk0\DR0:
12:04:05.0108 0x0e9c MBR partitions:
12:04:05.0108 0x0e9c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
12:04:05.0108 0x0e9c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x115E9800
12:04:05.0108 0x0e9c \Device\Harddisk1\DR1:
12:04:05.0109 0x0e9c MBR partitions:
12:04:05.0109 0x0e9c \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
12:04:05.0109 0x0e9c ============================================================
12:04:05.0145 0x0e9c C: <-> \Device\Harddisk0\DR0\Partition2
12:04:05.0180 0x0e9c D: <-> \Device\Harddisk0\DR0\Partition1
12:04:05.0181 0x0e9c G: <-> \Device\Harddisk1\DR1\Partition1
12:04:05.0181 0x0e9c ============================================================
12:04:05.0181 0x0e9c Initialize success
12:04:05.0181 0x0e9c ============================================================
12:04:41.0910 0x0d78 ============================================================
12:04:41.0910 0x0d78 Scan started
12:04:41.0910 0x0d78 Mode: Manual; SigCheck;
12:04:41.0910 0x0d78 ============================================================
12:04:41.0910 0x0d78 KSN ping started
12:04:45.0002 0x0d78 KSN ping finished: true
12:04:46.0400 0x0d78 ================ Scan system memory ========================
12:04:46.0400 0x0d78 System memory - ok
12:04:46.0402 0x0d78 ================ Scan services =============================
12:05:02.0488 0x0d78 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:05:02.0562 0x0d78 elxstor - ok
12:05:02.0598 0x0d78 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:05:02.0645 0x0d78 ErrDev - ok
12:05:02.0715 0x0d78 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
12:05:02.0821 0x0d78 EventSystem - ok
12:05:02.0877 0x0d78 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
12:05:02.0984 0x0d78 exfat - ok
12:05:03.0009 0x0d78 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:05:03.0110 0x0d78 fastfat - ok
12:05:03.0193 0x0d78 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
12:05:03.0331 0x0d78 Fax - ok
12:05:03.0369 0x0d78 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:05:03.0428 0x0d78 fdc - ok
12:05:03.0451 0x0d78 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
12:05:03.0559 0x0d78 fdPHost - ok
12:05:03.0591 0x0d78 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
12:05:03.0699 0x0d78 FDResPub - ok
12:05:03.0731 0x0d78 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:05:03.0758 0x0d78 FileInfo - ok
12:05:03.0770 0x0d78 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:05:03.0870 0x0d78 Filetrace - ok
12:05:03.0915 0x0d78 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:05:03.0973 0x0d78 flpydisk - ok
12:05:04.0025 0x0d78 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:05:04.0074 0x0d78 FltMgr - ok
12:05:04.0174 0x0d78 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
12:05:04.0324 0x0d78 FontCache - ok
12:05:04.0385 0x0d78 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:05:04.0418 0x0d78 FontCache3.0.0.0 - ok
12:05:04.0452 0x0d78 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:05:04.0476 0x0d78 FsDepends - ok
12:05:04.0518 0x0d78 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:05:04.0546 0x0d78 Fs_Rec - ok
12:05:04.0583 0x0d78 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:05:04.0630 0x0d78 fvevol - ok
12:05:04.0647 0x0d78 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:05:04.0675 0x0d78 gagp30kx - ok
12:05:04.0719 0x0d78 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:05:04.0802 0x0d78 GEARAspiWDM - ok
12:05:04.0874 0x0d78 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
12:05:05.0007 0x0d78 gpsvc - ok
12:05:05.0092 0x0d78 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:05:05.0114 0x0d78 gupdate - ok
12:05:05.0124 0x0d78 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:05:05.0144 0x0d78 gupdatem - ok
12:05:05.0212 0x0d78 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:05:05.0273 0x0d78 gusvc - ok
12:05:05.0305 0x0d78 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:05:05.0440 0x0d78 hcw85cir - ok
12:05:05.0508 0x0d78 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:05:05.0633 0x0d78 HdAudAddService - ok
12:05:05.0709 0x0d78 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:05:05.0770 0x0d78 HDAudBus - ok
12:05:05.0806 0x0d78 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:05:05.0895 0x0d78 HidBatt - ok
12:05:05.0926 0x0d78 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:05:06.0047 0x0d78 HidBth - ok
12:05:06.0068 0x0d78 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:05:06.0158 0x0d78 HidIr - ok
12:05:06.0185 0x0d78 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
12:05:06.0306 0x0d78 hidserv - ok
12:05:06.0373 0x0d78 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:05:06.0433 0x0d78 HidUsb - ok
12:05:06.0481 0x0d78 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:05:06.0628 0x0d78 hkmsvc - ok
12:05:06.0677 0x0d78 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:05:06.0762 0x0d78 HomeGroupListener - ok
12:05:06.0809 0x0d78 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:05:06.0918 0x0d78 HomeGroupProvider - ok
12:05:07.0022 0x0d78 [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:05:07.0084 0x0d78 hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
12:05:10.0435 0x0d78 Detect skipped due to KSN trusted
12:05:10.0435 0x0d78 hpqcxs08 - ok
12:05:10.0467 0x0d78 [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:05:10.0524 0x0d78 hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
12:05:13.0478 0x0d78 Detect skipped due to KSN trusted
12:05:13.0478 0x0d78 hpqddsvc - ok
12:05:13.0613 0x0d78 [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:05:13.0709 0x0d78 HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
12:05:16.0811 0x0d78 Detect skipped due to KSN trusted
12:05:16.0812 0x0d78 HPSLPSVC - ok

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 9th, 2014, 1:11 pm

12:05:26.0685 0x0d78 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:05:26.0741 0x0d78 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
12:05:29.0638 0x0d78 Detect skipped due to KSN trusted
12:05:29.0638 0x0d78 Net Driver HPZ12 - ok
12:05:34.0453 0x0d78 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:05:34.0512 0x0d78 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
12:05:37.0978 0x0d78 Detect skipped due to KSN trusted
12:05:37.0978 0x0d78 Pml Driver HPZ12 - ok
12:05:55.0242 0x0d78 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:05:55.0375 0x0d78 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
12:05:58.0462 0x0d78 Detect skipped due to KSN trusted
12:05:58.0462 0x0d78 USBAAPL64 - ok
12:06:07.0084 0x0d78 wercplsupport - ok
12:06:07.0114 0x0d78 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
12:06:07.0306 0x0d78 WerSvc - ok
12:06:07.0373 0x0d78 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:06:07.0578 0x0d78 WfpLwf - ok
12:06:07.0595 0x0d78 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:06:07.0634 0x0d78 WIMMount - ok
12:06:07.0695 0x0d78 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:06:07.0862 0x0d78 winachsf - ok
12:06:07.0901 0x0d78 WinDefend - ok
12:06:07.0927 0x0d78 WinHttpAutoProxySvc - ok
12:06:08.0008 0x0d78 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:06:08.0140 0x0d78 Winmgmt - ok
12:06:08.0270 0x0d78 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
12:06:08.0516 0x0d78 WinRM - ok
12:06:08.0615 0x0d78 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:06:08.0729 0x0d78 WinUsb - ok
12:06:08.0816 0x0d78 [ A7C993F86BE5AF035DE06DF9160D7008, 9890293AD584C846C5F2444BEF8E6130C6EE450EFF0387FCECDE056CD7D0C02C ] WiseBootAssistant C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
12:06:08.0853 0x0d78 WiseBootAssistant - ok
12:06:08.0957 0x0d78 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:06:09.0085 0x0d78 Wlansvc - ok
12:06:09.0127 0x0d78 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:06:09.0251 0x0d78 WmiAcpi - ok
12:06:09.0283 0x0d78 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:06:09.0515 0x0d78 wmiApSrv - ok
12:06:09.0576 0x0d78 WMPNetworkSvc - ok
12:06:09.0613 0x0d78 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:06:09.0703 0x0d78 WPCSvc - ok
12:06:09.0755 0x0d78 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:06:09.0835 0x0d78 WPDBusEnum - ok
12:06:09.0870 0x0d78 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:06:09.0998 0x0d78 ws2ifsl - ok
12:06:10.0023 0x0d78 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
12:06:10.0092 0x0d78 wscsvc - ok
12:06:10.0099 0x0d78 WSearch - ok
12:06:10.0287 0x0d78 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
12:06:10.0434 0x0d78 wuauserv - ok
12:06:10.0594 0x0d78 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:06:10.0767 0x0d78 WudfPf - ok
12:06:10.0790 0x0d78 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:06:11.0177 0x0d78 WUDFRd - ok
12:06:11.0232 0x0d78 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:06:11.0330 0x0d78 wudfsvc - ok
12:06:11.0391 0x0d78 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
12:06:11.0507 0x0d78 WwanSvc - ok
12:06:11.0551 0x0d78 ================ Scan global ===============================
12:06:11.0577 0x0d78 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:06:11.0626 0x0d78 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:06:11.0664 0x0d78 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:06:11.0724 0x0d78 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:06:11.0765 0x0d78 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:06:11.0788 0x0d78 [ Global ] - ok
12:06:11.0789 0x0d78 ================ Scan MBR ==================================
12:06:11.0810 0x0d78 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:06:12.0044 0x0d78 \Device\Harddisk0\DR0 - ok
12:06:12.0063 0x0d78 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
12:06:12.0074 0x0d78 \Device\Harddisk1\DR1 - ok
12:06:12.0077 0x0d78 ================ Scan VBR ==================================
12:06:12.0086 0x0d78 [ 10A7EAF7544319EFFC60305F9FE1074A ] \Device\Harddisk0\DR0\Partition1
12:06:12.0131 0x0d78 \Device\Harddisk0\DR0\Partition1 - ok
12:06:12.0155 0x0d78 [ 7FD2B9D2F376E7034D9802477A811481 ] \Device\Harddisk0\DR0\Partition2
12:06:12.0157 0x0d78 \Device\Harddisk0\DR0\Partition2 - ok
12:06:12.0165 0x0d78 [ 0DE44416F2A07037E92C4D300C5F0FAB ] \Device\Harddisk1\DR1\Partition1
12:06:12.0235 0x0d78 \Device\Harddisk1\DR1\Partition1 - ok
12:06:12.0236 0x0d78 ================ Scan generic autorun ======================
12:06:13.0289 0x0d78 [ 361B0893A5C6741F347568A3232D2822, A1085FD8DCEA67E3760C5204C4FC0EADAAC2A9E3A1A498B0BE2F0883EE2B1A04 ] C:\Program Files (x86)\AVG\AVG2014\avgui.exe
12:06:13.0492 0x0d78 AVG_UI - ok
12:06:13.0616 0x0d78 [ 72860972F8196EBB3C896F53D2B95470, 95C046A66DD0089377867F073CADCE585B7C69CA23E724DCAD9D896BF01E023D ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
12:06:13.0684 0x0d78 hpqSRMon - detected UnsignedFile.Multi.Generic ( 1 )
12:06:22.0504 0x0d78 Detect skipped due to KSN trusted
12:06:22.0504 0x0d78 hpqSRMon - ok
12:06:22.0629 0x0d78 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:06:22.0709 0x0d78 Adobe ARM - ok
12:06:22.0776 0x0d78 [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
12:06:22.0851 0x0d78 APSDaemon - ok
12:06:22.0887 0x0d78 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
12:06:22.0921 0x0d78 SunJavaUpdateSched - ok
12:06:22.0942 0x0d78 vProt - ok
12:06:23.0057 0x0d78 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:06:23.0420 0x0d78 Sidebar - ok
12:06:23.0452 0x0d78 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:06:23.0574 0x0d78 mctadmin - ok
12:06:23.0655 0x0d78 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:06:23.0791 0x0d78 Sidebar - ok
12:06:23.0809 0x0d78 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:06:23.0876 0x0d78 mctadmin - ok
12:06:24.0007 0x0d78 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe
12:06:24.0026 0x0d78 Google Update - ok
12:06:24.0245 0x0d78 [ BAB442AE1AEF7D7CFAB62344FCCCFEA7, 8B757713D0B298B1762A617D29B688E11D82EAD9DF1605A6FCFA93BBC52646B9 ] C:\Users\Rob\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
12:06:24.0448 0x0d78 Google+ Auto Backup - ok
12:06:24.0560 0x0d78 [ 3B51A8E39E8F1AC3D8227D85562073D9, E8811A3127378C47CBDB54DFD16FAF1B0E0FA13E37D698D4FD11391CD084F335 ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
12:06:24.0643 0x0d78 HydraVisionDesktopManager - detected UnsignedFile.Multi.Generic ( 1 )
12:06:28.0529 0x0d78 Detect skipped due to KSN trusted
12:06:28.0529 0x0d78 HydraVisionDesktopManager - ok
12:06:28.0702 0x0d78 [ 0DF3D43C5FE1495BEB3B6739379EF2B9, 44393AF83BC77C61E025FEF7143563018346F94CEAEE4FAEF9A8240AD0AB7F1F ] C:\Users\Rob\AppData\Roaming\uTorrent\uTorrent.exe
12:06:28.0798 0x0d78 uTorrent - ok
12:06:28.0917 0x0d78 [ 432BE6CF7311062633459EEF6B242FB5, 890C1734ED1EF6B2422A9B21D6205CF91E014ADD8A7F41AA5A294FCF60631A7B ] C:\Windows\SysWOW64\regsvr32.exe
12:06:29.0100 0x0d78 YmvPack - ok
12:06:29.0110 0x0d78 Andworks - ok
12:06:29.0115 0x0d78 Andworks Update - ok
12:06:29.0117 0x0d78 Waiting for KSN requests completion. In queue: 10
12:06:30.0117 0x0d78 Waiting for KSN requests completion. In queue: 10
12:06:31.0117 0x0d78 Waiting for KSN requests completion. In queue: 2
12:06:32.0117 0x0d78 Waiting for KSN requests completion. In queue: 2
12:06:33.0356 0x0d78 AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4765 ), 0x41000 ( enabled : updated )
12:06:33.0379 0x0d78 Win FW state via NFP2: enabled
12:06:36.0961 0x0d78 ============================================================
12:06:36.0961 0x0d78 Scan finished
12:06:36.0961 0x0d78 ============================================================
12:06:36.0981 0x1d5c Detected object count: 0
12:06:36.0981 0x1d5c Actual detected object count: 0
12:09:22.0981 0x1d10 Deinitialize success

Re: I've got a nasty infection. Total Codec Pack.

Post by rigidee » October 9th, 2014, 1:38 pm

Step 5 OTL.txt:

OTL logfile created on: 10/9/2014 12:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.94 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.88% Memory free
7.87 Gb Paging File | 5.94 Gb Available in Paging File | 75.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 138.96 Gb Total Space | 63.89 Gb Free Space | 45.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.42 Gb Free Space | 34.25% Space Free | Partition Type: NTFS
Drive G: | 931.28 Gb Total Space | 657.62 Gb Free Space | 70.61% Space Free | Partition Type: FAT32

Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/09 12:13:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/08/25 11:37:18 | 005,188,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/06/17 17:43:07 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2012/01/31 21:35:40 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/07/13 20:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe


========== Modules (No Company Name) ==========

MOD - [2014/10/08 20:35:56 | 001,187,840 | ---- | M] () -- C:\Users\Rob\AppData\Local\Andworks\EPNHTX12.DLL
MOD - [2014/10/08 20:35:32 | 001,170,432 | ---- | M] () -- C:\Users\Rob\AppData\Local\Azsmworks\jinstall.dll
MOD - [2014/07/31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/08/18 17:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/08 07:52:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/10/04 19:56:57 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/07/07 17:03:30 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/08/11 22:53:43 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/08/06 10:50:04 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/07/21 21:03:12 | 000,244,504 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/06/30 12:43:02 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/06/17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/06/17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/03/19 15:27:44 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2014/03/19 15:23:14 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2014/01/07 09:02:06 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/10/17 10:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013/10/08 08:58:42 | 012,534,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/10/08 07:27:46 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/05 03:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 95 E1 D6 C6 C2 CE 01 [binary data]
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\..\SearchScopes\{87EE648D-33A6-4780-AC1D-5E37ACCF2E41}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2186564753-274233747-90243057-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.10.2: C:\Users\Rob\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Rob\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/10/04 22:36:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/10/04 22:36:23 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_1\
CHR - Extension: No name found = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2014/09/17 07:06:59 | 000,001,394 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 193.107.16.144 www.google-analytics.com.
O1 - Hosts: 193.107.16.144 google-analytics.com.
O1 - Hosts: 193.107.16.144 connect.facebook.net.
O1 - Hosts: 188.40.62.184 www.google-analytics.com.
O1 - Hosts: 188.40.62.184 google-analytics.com.
O1 - Hosts: 188.40.62.184 connect.facebook.net.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKU\S-1-5-21-2186564753-274233747-90243057-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2186564753-274233747-90243057-1001..\Run: [Andworks] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2186564753-274233747-90243057-1001..\Run: [Andworks Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2186564753-274233747-90243057-1001..\Run: [Google+ Auto Backup] C:\Users\Rob\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Google Inc.)
O4 - HKU\S-1-5-21-2186564753-274233747-90243057-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-2186564753-274233747-90243057-1001..\Run: [uTorrent] C:\Users\Rob\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-2186564753-274233747-90243057-1001..\Run: [YmvPack] C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fsutil.lnk = File not found
O4 - Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UserAccountControlSettings.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2186564753-274233747-90243057-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2186564753-274233747-90243057-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB125F7-5AE6-4BE2-87BB-D38407939EB6}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB125F7-5AE6-4BE2-87BB-D38407939EB6}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{787A731F-3ED5-4062-825E-0600C0570306}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{787A731F-3ED5-4062-825E-0600C0570306}: NameServer = 8.8.8.8,8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/14 13:36:32 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O33 - MountPoints2\{658be96b-3f43-11e3-9650-0019d14044e1}\Shell - "" = AutoRun
O33 - MountPoints2\{658be96b-3f43-11e3-9650-0019d14044e1}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe
O33 - MountPoints2\{f8003081-4fa3-11e3-ac8e-0019d14044e1}\Shell - "" = AutoRun
O33 - MountPoints2\{f8003081-4fa3-11e3-ac8e-0019d14044e1}\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/09 12:13:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2014/10/09 12:01:58 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rob\Desktop\tdsskiller.exe
[2014/10/09 11:54:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/10/09 11:50:18 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/10/09 11:50:18 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Temp
[2014/10/09 11:42:36 | 000,000,000 | ---D | C] -- C:\zoek
[2014/10/09 11:15:31 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/10/07 18:44:19 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/10/07 18:44:19 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/10/07 17:33:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/07 16:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/10/04 20:16:10 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\16063
[2014/10/04 19:44:47 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\VirtualStore
[2014/09/23 17:51:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\mbar
[2014/09/23 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/09/18 15:55:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\Yoga.3.in.1.Workout
[2014/09/15 11:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/09/15 11:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/09/15 11:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/09/15 11:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/09/15 11:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/09/14 23:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAMN NFO Viewer
[2014/09/14 22:57:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Andworks
[2014/09/14 22:57:18 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Azsmworks
[2014/09/11 16:17:04 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/11 16:17:04 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/11 16:17:01 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/11 16:17:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/11 16:17:01 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/11 16:17:01 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/11 16:17:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/11 16:17:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/11 16:17:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/11 16:17:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/11 16:17:00 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/11 16:17:00 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/11 16:17:00 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/11 16:17:00 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/11 16:17:00 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/11 16:16:59 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/11 16:16:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/11 16:16:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/11 16:16:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/11 16:16:58 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/11 16:16:58 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/11 16:16:58 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/11 16:16:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/11 16:16:58 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/11 16:16:55 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/11 16:16:55 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/11 16:16:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/11 16:16:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/11 16:16:54 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/11 16:16:54 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/11 16:16:54 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/11 16:16:54 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/11 16:16:49 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/11 16:16:48 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/11 16:16:48 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/11 16:02:48 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/11 16:02:48 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/11 16:01:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/09/11 16:01:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/09/11 16:01:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/09/11 16:01:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/09/11 16:01:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/09/11 16:01:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/09/11 16:01:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/09/11 16:01:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/09/11 16:01:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/09/11 16:01:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/09/10 03:04:57 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/10 03:04:57 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/10 03:04:35 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/10 03:04:15 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/10 03:04:00 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/10 03:03:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files - Modified Within 30 Days ==========

[2014/10/09 12:16:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2186564753-274233747-90243057-1001UA.job
[2014/10/09 12:13:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2014/10/09 12:03:15 | 000,028,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/09 12:03:15 | 000,028,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/09 12:02:05 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rob\Desktop\tdsskiller.exe
[2014/10/09 11:56:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/09 11:53:48 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/09 11:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/09 11:52:52 | 3169,255,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/09 11:48:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/09 11:41:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2186564753-274233747-90243057-1001UA.job
[2014/10/09 11:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2186564753-274233747-90243057-1001Core.job
[2014/10/09 11:15:30 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/10/09 11:13:27 | 001,290,752 | ---- | M] () -- C:\Users\Rob\Desktop\zoek.exe
[2014/10/09 11:06:51 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/10/09 10:15:47 | 000,001,223 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UserAccountControlSettings.lnk
[2014/10/09 09:38:41 | 000,000,288 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\2EBF38F9.reg
[2014/10/08 19:16:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2186564753-274233747-90243057-1001Core.job
[2014/10/04 19:56:55 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/10/04 19:56:55 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/10/04 19:55:40 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/09/24 21:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/24 20:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/24 17:46:21 | 004,319,749 | ---- | M] () -- C:\Users\Rob\Desktop\Science LEsson 9.jpg
[2014/09/21 17:50:56 | 000,094,366 | ---- | M] () -- C:\Users\Rob\AppData\Local\census.cache
[2014/09/21 17:50:55 | 000,151,522 | ---- | M] () -- C:\Users\Rob\AppData\Local\ars.cache
[2014/09/21 17:46:04 | 000,000,010 | ---- | M] () -- C:\Users\Rob\AppData\Local\sponge.last.runtime.cache
[2014/09/21 17:40:38 | 000,000,036 | ---- | M] () -- C:\Users\Rob\AppData\Local\housecall.guid.cache
[2014/09/18 20:23:14 | 000,781,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/18 20:23:14 | 000,662,080 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/18 20:23:14 | 000,121,948 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/17 07:06:59 | 000,001,394 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/09/16 23:32:20 | 000,001,121 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fsutil.lnk
[2014/09/14 23:01:56 | 000,413,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/11 16:13:18 | 000,773,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2014/10/09 11:50:19 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/10/09 11:13:18 | 001,290,752 | ---- | C] () -- C:\Users\Rob\Desktop\zoek.exe
[2014/10/09 10:15:47 | 000,001,223 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UserAccountControlSettings.lnk
[2014/10/09 09:38:41 | 000,000,288 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\2EBF38F9.reg
[2014/10/06 11:01:39 | 000,004,720 | ---- | C] () -- C:\Users\Rob\Desktop\mbam-log-2014-09-01 (23-00-02).xml
[2014/09/24 17:46:43 | 004,319,749 | ---- | C] () -- C:\Users\Rob\Desktop\Science LEsson 9.jpg
[2014/09/21 17:50:56 | 000,094,366 | ---- | C] () -- C:\Users\Rob\AppData\Local\census.cache
[2014/09/21 17:50:55 | 000,151,522 | ---- | C] () -- C:\Users\Rob\AppData\Local\ars.cache
[2014/09/21 17:46:04 | 000,000,010 | ---- | C] () -- C:\Users\Rob\AppData\Local\sponge.last.runtime.cache
[2014/09/21 17:40:38 | 000,000,036 | ---- | C] () -- C:\Users\Rob\AppData\Local\housecall.guid.cache
[2014/09/18 19:40:03 | 3059,310,364 | ---- | C] () -- C:\Users\Rob\Desktop\Don.Jon.2013.1080p.BRRiP.H264.AAC.Dual.Audio-BLiTZCRiEG.mp4
[2014/09/18 19:39:07 | 1443,055,825 | ---- | C] () -- C:\Users\Rob\Desktop\2 Guns 2013 BRRip 720p AC3 x264 Temporal.mkv
[2014/09/16 23:32:20 | 000,001,121 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fsutil.lnk
[2014/06/24 21:32:37 | 000,005,120 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/16 12:10:17 | 000,007,597 | ---- | C] () -- C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
[2013/11/18 20:47:16 | 000,773,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/08 10:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 08:39:08 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 08:39:08 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/10/06 23:40:42 | 000,202,758 | ---- | C] () -- C:\Windows\hpoins18.dat
[2013/10/06 23:40:42 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2013/10/06 13:56:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/18 09:44:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/10/18 09:44:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2014/10/07 21:24:52 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\.ACEStream
[2014/10/04 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\16063
[2014/10/07 21:24:55 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ACEStream
[2014/10/04 22:36:47 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Audacity
[2013/10/06 17:58:13 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\AVG2014
[2014/10/04 22:36:47 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Battle.net
[2013/10/14 12:14:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.connectionsEducation.activityTracker
[2013/10/27 15:00:41 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DVDFab9
[2014/02/23 10:54:30 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ImgBurn
[2013/10/16 20:11:35 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Oracle
[2014/10/07 21:23:53 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\StreamTorrent
[2014/10/04 22:18:57 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TeamViewer
[2013/10/06 17:57:28 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TuneUp Software
[2014/10/09 11:57:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\uTorrent
[2014/10/07 21:24:56 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Wise Care 365

========== Purity Check ==========



< End of report >
rigidee

Re: I've got a nasty infection. Total Codec Pack.

by rigidee » October 9th, 2014, 1:39 pm

Step 5 Extras.txt:

OTL Extras logfile created on: 10/9/2014 12:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.94 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.88% Memory free
7.87 Gb Paging File | 5.94 Gb Available in Paging File | 75.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 138.96 Gb Total Space | 63.89 Gb Free Space | 45.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.42 Gb Free Space | 34.25% Space Free | Partition Type: NTFS
Drive G: | 931.28 Gb Total Space | 657.62 Gb Free Space | 70.61% Space Free | Partition Type: FAT32

Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2186564753-274233747-90243057-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A672F46-A2C3-4603-9643-3A7BB7346ABB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{421EF8F9-A6C8-4F0C-BE39-02BB0491E143}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42290070-D2CF-4CCF-B8AB-DEC63969DA1D}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D5597F8-0E9B-40DA-B106-89DA82F13D14}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5893F351-A7C8-4A16-AE07-A188E7CCF117}" = rport=137 | protocol=17 | dir=out | app=system |
"{65372215-6A09-45BF-BF3D-0626802B08E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{661023BB-5EC0-4070-9392-D6036F9653EE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{7568A4A7-9382-4760-BD12-0CC9B74AB056}" = lport=445 | protocol=6 | dir=in | app=system |
"{7CFFE773-5411-4D0C-A235-467985178CA4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80251805-4068-4366-AFF2-5939C112ADF0}" = rport=445 | protocol=6 | dir=out | app=system |
"{9D77D3A7-2943-4729-8631-FBF38F7509D3}" = rport=138 | protocol=17 | dir=out | app=system |
"{CE1AEF31-E53B-4924-950B-E8B5F39F0347}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D3FBC157-8FFF-4379-8167-D29102C3DD70}" = rport=139 | protocol=6 | dir=out | app=system |
"{FC0F4C1F-2512-4A04-82A3-D40B29C5FC63}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C804DC-C8C1-498D-81F3-14AD3436A7E5}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{0A0AB482-3999-4DA7-8CA6-E310EF3D8364}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{0F9DB8A5-3786-42B9-AA3D-7B5B4DD2C23E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{14AE6F74-E00C-4855-A9FF-E8A25AA8D36B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{15FBCCA1-F964-4873-9C82-CF1B002C2C27}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18FC40A7-2615-4ACA-A25B-A9B302B8CEBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{19229CFC-E33D-4ACC-93DC-14E97EEC4770}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1D8BC6BA-4249-4253-AD6D-F9DE2A21393F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{200D6DE4-F0F9-49B6-93BA-F242FD6DBEC5}" = dir=in | app=c:\windows\system32\rundll32.exe |
"{2093028C-D3D0-46E7-B7EE-63F6137EEF9D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{22D2248C-FE82-44CB-9A12-ED3A9CBE2505}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2B45C7F7-3F4B-4BED-A1FD-D972F520647E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2C236F71-CED4-4361-86CF-5EC8E0BD96B4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{31367845-E14A-4F4E-8866-C15E374737BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3158EB69-73B7-447B-B17A-85596A8D296F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{333D03C1-A81C-41DA-B78E-FABA7A43F2FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{349F4227-C5C3-4B29-BA88-942543D1A525}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{3893D4E6-D968-425F-BF23-B2956778F1C9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{38FB33FA-B92E-4148-920F-E49CE7B14ED1}" = protocol=6 | dir=in | app=c:\users\rob\appdata\roaming\utorrent\utorrent.exe |
"{3B69B9F4-D7E9-4EB2-B753-BD3476A6AB30}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{3CEDEA08-8992-43DF-B8EB-192DD1F87A86}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{3D605C51-0C5C-4EF4-960E-1940A5982EB2}" = protocol=6 | dir=in | app=c:\users\rob\appdata\roaming\utorrent\utorrent.exe |
"{4255C159-4F21-4F1C-90B7-088B1DB2FC32}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{49316C61-7088-4474-9989-E498C5BAB1CE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{4A8D5E08-D13C-41F0-A15B-015E33F7F04F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5685B9C0-1043-4C64-99E6-807C5A194A74}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{58165DC7-E103-43BB-9138-5BD531702FA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{59E6B746-8560-42CA-BF73-23D74B6D01ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59F147E9-3B40-4C95-B637-F9E0746AE907}" = dir=in | app=c:\windows\explorer.exe |
"{612013B9-E274-48CD-AB75-8967E059D6B6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{68E5CB06-1489-4070-AE58-EC0564F79041}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{769FA823-B06A-40B2-A312-5F94C9376604}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7842D5E0-5D88-45E8-84C0-E0DBF8234283}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7C52B423-A325-45B0-AA64-FAEE697239ED}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{82195E60-D849-42CD-B7DE-8C268306C3A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{82709751-7657-4ECA-AF62-191543339FAD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8CD501A5-C443-4C16-A3EB-860A2CD16645}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{9191CE6E-D443-4824-94D0-4CAF1C99D458}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{925DD75A-F975-46FB-B150-F701E92497BE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{99FFB03F-FAF1-45A6-AEAF-B69F41E8465D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{A3C40583-2A0F-49F7-84D8-C54BA4F53F34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{A6107FE4-607B-483A-85C1-2ECF94C7411F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{AF7A6FB0-05F5-4C76-B35D-0D68A5842E8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B06D6A10-4DB4-4F3E-8177-FE94E3F22DFE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{B7C06F12-1E51-4F75-B3BC-8363596B9A09}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{BE9B99E8-205C-4AD4-86F1-1729D84C2E08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{BFAA6544-C4FA-4C02-9B08-A69B9D9497DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{C19ADE75-DCFE-4370-BFF4-24F71D6C8FBA}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{C59FCA84-1E64-4F36-92AE-58768CF72EF8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{CE25F8C6-A670-42AC-80F2-E83069CCA451}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{CEE4D455-E83F-4163-9F9B-D56718A08B16}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{D49BA36D-3A52-4324-999E-29D614DD0E72}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DA5734D0-95CD-48F4-B895-470AB2DF6C2C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DEB8D896-A78E-4290-913B-33D11483BA25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DF378111-E02D-4019-ABFF-C53A4575AD33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{E6D8D85A-FDD0-4245-ABC3-276842840BD0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{E820B047-8A94-40EA-8F33-B7CE4C004802}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9281842-8857-4692-B7C0-17403E29C862}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{EA73F70B-1C94-44A2-9D0E-34CAFA2FE410}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{EDEBB9A3-FEC6-4CFC-8E27-281879546AC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F4E91351-AFA6-4342-8C17-1C65EC8B0398}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{F58EE31A-2FC3-4349-BEBE-6E17AB405FAD}" = protocol=17 | dir=in | app=c:\users\rob\appdata\roaming\utorrent\utorrent.exe |
"{F5D73843-808F-4BD5-8398-0014997672C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{F89F065D-DDFF-46C3-99A8-55AC9F468D16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{F90774FE-99CC-4610-8E98-609D79DEC8EE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{F9AED665-4585-4818-8B06-B0ADCC76B2DC}" = protocol=17 | dir=in | app=c:\users\rob\appdata\roaming\utorrent\utorrent.exe |
"{FB049C3A-868C-45C8-A6FD-909D0451936A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{4AE7D20D-BA9A-4AFC-8DFB-456F9DDEA0D7}C:\users\rob\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\roaming\acestream\engine\ace_engine.exe |
"TCP Query User{52360A57-88D4-4F94-9A59-96750FB7623E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{53768D33-CC59-4724-A1BE-964B876C2457}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{563D9CC8-2A4D-4820-9F39-8A8921D91179}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"TCP Query User{5F3BEF8E-5E45-42F2-BA30-02731CDA6E0F}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{6C4DA0B3-B2C9-403B-93F6-D83118640E16}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{AAED6ABD-74EE-403D-A66A-16F9A6CEF0BF}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"UDP Query User{E24DA005-C877-4947-ADBA-3D83D68B3B2B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{EB145B6B-C1A3-441E-B9DD-283EB0548986}C:\users\rob\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\roaming\acestream\engine\ace_engine.exe |
"UDP Query User{EC3F1EAC-C120-4F6B-92BF-799A5BDFE3E6}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}" = AMD Catalyst Install Manager
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{977EBBDB-BA86-4975-803C-A7FDDF92A10C}" = AVG 2014
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ADCB5F9E-EF88-6D61-EE2F-99F51DF1B6EF}" = AMD Media Foundation Decoders
"{B42D82E8-FF97-48BB-91AA-86717B2B6B16}" = AVG 2014
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{BB8B580B-8119-0235-C923-5F1EECE66561}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E57289A3-B314-F00A-F0D0-7CB63E588CFF}" = AMD Accelerated Video Transcoding
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"{FEB22B7A-7B05-4A49-3BA3-D24815D37FAE}" = ccc-utility64
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2014
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{170236F2-1F88-A116-DA64-3FEED17B9387}" = CCC Help Italian
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{2178EDD8-A3A6-50E3-407B-6629EA8E6ECE}" = AMD Catalyst Control Center
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{32957F2B-A371-151F-9DA1-7BCA54BA2C71}" = CCC Help Danish
"{398004A7-6198-B8AB-443A-D250FFA57446}" = CCC Help Greek
"{3A29665B-2304-A9F7-601D-86340BD29D57}" = CCC Help Korean
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{4310E447-8AF3-020C-06D0-CB317D1BC92B}" = CCC Help Spanish
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4DF0CAAC-F479-1673-EE92-03FFB9A05C1A}" = CCC Help English
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6670AE0A-83FD-C514-C4EC-51618BEDCF04}" = Catalyst Control Center InstallProxy
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DD76706-759A-1D77-9D1B-39FFFEC203BE}" = CCC Help Hungarian
"{6DF3C5B5-AEA5-198E-289C-CAADC4A17C04}" = CCC Help Dutch
"{6F9B3984-08EB-19EE-5E93-E79FD0854596}" = CCC Help Czech
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82DA3D5E-0041-D8F7-6ACD-53A06C863FD4}" = CCC Help Swedish
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8E63AD00-6BEB-9E98-739E-C8EE42CF0419}" = CCC Help Norwegian
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9584BE1B-2FBE-4F45-13EA-6567F3E2D9A2}" = CCC Help Chinese Traditional
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{993609E5-B0A7-0270-BA78-385016D5A4FA}" = CCC Help Chinese Standard
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C50B767-48BA-A567-0CFE-31620AE8FC97}" = CCC Help German
"{9E94C6F8-2B4E-D900-E73C-E7BCC7653188}" = CCC Help Japanese
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B6916E4B-FD07-47E7-B906-B3F734F08E29}" = C4100
"{BAF7AD00-6FF9-CB6E-066F-255F24418356}" = Activity Tracker
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEFD4139-C684-DBF8-33F2-7963161E2F10}" = CCC Help Russian
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CA00F224-335F-6A70-DC7A-45D26F61C443}" = HydraVision
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CFBC3C9F-C781-4A0A-4AC9-BEBDE9850C16}" = CCC Help Turkish
"{D17BE572-CBFB-2AA4-759B-E21F04093001}" = CCC Help Thai
"{D3C44AE6-7A77-6CB3-0708-C970C53E8136}" = Catalyst Control Center Localization All
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E9E87CFE-894C-8FFB-31C2-61C6B640F2B2}" = CCC Help Finnish
"{E9F63F5F-00EF-516C-C7F6-ABD3DC174B5E}" = CCC Help Polish
"{EA3960CB-883C-5B18-FA85-7C36C320E4BC}" = Catalyst Control Center Graphics Previews Common
"{ED62231A-B71D-C39A-7CE0-B2C8388A67C2}" = CCC Help French
"{FBC9A8BD-C74D-86B3-7818-D584C9174F48}" = CCC Help Portuguese
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Battle.net" = Battle.net
"com.connectionsEducation.activityTracker" = Activity Tracker
"Diablo III" = Diablo III
"DVDFab 9_is1" = DVDFab 9.0.7.2 (18/10/2013)
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"SopCast" = SopCast 3.8.3
"SpeedFan" = SpeedFan (remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"TeamViewer 9" = TeamViewer 9
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"VLC media player" = VLC media player
"Wise Care 365_is1" = Wise Care 365 3.23

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2186564753-274233747-90243057-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AceStream" = Ace Stream Media 2.1.10.2
"Google+ Auto Backup" = Google+ Auto Backup
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2014 11:09:30 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10733

Error - 10/9/2014 11:09:31 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/9/2014 11:09:31 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11763

Error - 10/9/2014 11:09:31 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11763

Error - 10/9/2014 11:09:32 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/9/2014 11:09:32 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12824

Error - 10/9/2014 11:09:32 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12824

Error - 10/9/2014 11:09:34 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/9/2014 11:09:34 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14914

Error - 10/9/2014 11:09:34 AM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14914

[ System Events ]
Error - 10/9/2014 12:44:12 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/9/2014 12:44:12 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/9/2014 12:44:13 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/9/2014 12:44:14 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/9/2014 12:44:15 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/9/2014 12:44:16 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/9/2014 12:44:17 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/9/2014 12:44:18 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/9/2014 12:53:43 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000
Description = The Coupon Printer Service service failed to start due to the following
error: %%2

Error - 10/9/2014 12:56:19 PM | Computer Name = Rob-PC | Source = DCOM | ID = 10010
Description =


< End of report >
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

by rigidee » October 9th, 2014, 1:42 pm

Since completing Steps 3, 4 and 5, I have not gotten any reports of viruses from AVG Free. Chrome is still getting redirected sometimes. I clicked on page one of this post, but was instead directed to:

hxxp://.enigmasoftware.com/spyhunter-rw/

Otherwise I have noticed no other strange behavior.
Last edited by Cypher on October 10th, 2014, 8:12 am, edited 1 time in total.
Reason: Disabled link
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

by pgmigg » October 10th, 2014, 12:30 am

Hello rigidee,

I clicked on page one of this post, but was instead directed to: hxxp://...
Firstly, may I draw your attention to the fact that posting any links like you did is potentially dangerous, especially if such links resulted from redirection, because somebody can click on them and infect his computer. Our forum admins will need to edit such links to disable them.
Please don't do it again!

Step 1.
TSG - SysInfo utility
  1. Please download SysInfo.exe and save it to your Desktop.
  2. Right click SysInfo.exe and select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. The small square window will be opened with already highlighted text - please right click on it, select Copy and then paste it in your next post.

Step 2.
MiniToolBox
Please download MiniToolBox.exe ... by Farbar and save it to your Desktop.
  1. Right click MiniToolBox and select "Run As Administrator...", to run the tool.
  2. Check the following in the list:
    • List content of Hosts
    • List IP configuration
    • List Installed Programs
    • List Devices - Only Problems (default)... No Driver... All
    • List Users, Partitions and Memory size.
    • List Minidump Files
    • List Restore Points
  3. Press the Go button.
    A file named Result.txt will be created in the same location where you downloaded MiniToolBox.exe.
  4. Close the MiniToolBox window.
  5. Please post the contents of the Result.txt in your next reply.

Step 3.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select Run As Administrator to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Step 4.
WVCheck
  1. Please download WVCheck.exe and save it to your Desktop.
  2. Right-click WVCheck.exe and select Run as administrator... to run the process.
  3. Read the comments on the screen, then press Enter.
    The scan can take a while depending on the size of your hard drive.
  4. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  5. Please copy and paste the contents of the Notepad file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Answers to my questions related to the type of use of your computer and the origin of Microsoft Office.
  3. Contents of TSG - SysInfo utility
  4. Contents of a Result.txt log file created by MiniToolBox
  5. Contents of a log created by MGADiag.exe
  6. Contents of a log created by WVCheck.exe

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I've got a nasty infection. Total Codec Pack.

by rigidee » October 12th, 2014, 6:47 pm

Hi pgmigg,

Sorry about the link. It won't happen again. Here is the TSG - SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) D CPU 2.80GHz, Intel64 Family 15 Model 6 Stepping 4
Processor Count: 2
RAM: 4029 Mb
Graphics Card: AMD Radeon HD 7700 Series, 1024 Mb
Hard Drives: C: Total - 142290 MB, Free - 63313 MB; D: Total - 10239 MB, Free - 3507 MB; G: Total - 953634 MB, Free - 673399 MB;
Motherboard: Dell Inc., 0WG864
Antivirus: AVG AntiVirus Free Edition 2014, Updated and Enabled
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 12th, 2014, 6:50 pm

Result.txt:

MiniToolBox by Farbar Version: 21-07-2014
Ran by Rob (administrator) on 12-10-2014 at 17:48:22
Running from "C:\Users\Rob\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

::1 localhost

158.58.173.194 www.google-analytics.com.
158.58.173.194 google-analytics.com.
158.58.173.194 connect.facebook.net.
198.37.114.177 www.google-analytics.com.
198.37.114.177 google-analytics.com.
198.37.114.177 connect.facebook.net.

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel(R) 82562GT 10/100 Network Connection = Local Area Connection (Connected)
Broadcom 802.11g Network Adapter = Wireless Network Connection (Media disconnected)
TeamViewer VPN Adapter = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Rob-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TeamViewer VPN Adapter
Physical Address. . . . . . . . . : 00-FF-81-1E-BF-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-14-A5-9B-34-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82562GT 10/100 Network Connection
Physical Address. . . . . . . . . : 00-19-D1-40-44-E1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ec03:ed62:257:b539%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, October 09, 2014 11:53:21 AM
Lease Expires . . . . . . . . . . : Monday, October 13, 2014 11:53:22 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234887633
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-E3-70-06-00-19-D1-40-44-E1
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.8.8
8.8.8.8
8.8.8.8
8.8.8.8
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{811EBF7B-56FF-4B08-B712-BF10A4BC82EC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:10d4:15c7:b8dd:e4df(Preferred)
Link-local IPv6 Address . . . . . : fe80::10d4:15c7:b8dd:e4df%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{3CB125F7-5AE6-4BE2-87BB-D38407939EB6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{787A731F-3ED5-4062-825E-0600C0570306}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 2607:f8b0:4009:801::1005
74.125.225.101
74.125.225.97
74.125.225.99
74.125.225.103
74.125.225.104
74.125.225.96
74.125.225.98
74.125.225.100
74.125.225.102
74.125.225.110
74.125.225.105


Pinging google.com [173.194.46.105] with 32 bytes of data:
Reply from 173.194.46.105: bytes=32 time=77ms TTL=57
Reply from 173.194.46.105: bytes=32 time=35ms TTL=57

Ping statistics for 173.194.46.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 77ms, Average = 56ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=86ms TTL=51
Reply from 206.190.36.45: bytes=32 time=86ms TTL=51

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 86ms, Maximum = 86ms, Average = 86ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...00 ff 81 1e bf 7b ......TeamViewer VPN Adapter
12...00 14 a5 9b 34 61 ......Broadcom 802.11g Network Adapter
10...00 19 d1 40 44 e1 ......Intel(R) 82562GT 10/100 Network Connection
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:5ef5:79fb:10d4:15c7:b8dd:e4df/128
On-link
10 276 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::10d4:15c7:b8dd:e4df/128
On-link
10 276 fe80::ec03:ed62:257:b539/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None


=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ace Stream Media 2.1.10.2 (HKCU\...\AceStream) (Version: 2.1.10.2 - Ace Stream Media)
Activity Tracker (HKLM-x32\...\com.connectionsEducation.activityTracker) (Version: 2.1 - Connections Education, LLC)
Activity Tracker (x32 Version: 2.1 - Connections Education, LLC) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVDFab 9.0.7.2 (18/10/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.228.0 - Advanced Micro Devices, Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.8 - Tweaking.com)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wise Care 365 3.23 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.23 - WiseCleaner.com, Inc.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 4029.92 MB
Available physical RAM: 1252.47 MB
Total Pagefile: 8458.02 MB
Available Pagefile: 1490.72 MB
Total Virtual: 4095.88 MB
Available Virtual: 3764.48 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:61.83 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.42 GB) NTFS
5 Drive g: (My Book) (Fixed) (Total:931.28 GB) (Free:657.62 GB) FAT32

========================= Users: ========================================

User accounts for \\ROB-PC

Administrator Guest Rob

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

07-10-2014 20:16:42 Installed Java 7 Update 67
07-10-2014 21:14:16 Windows Update
07-10-2014 21:17:48 Removed Java 7 Update 45 (64-bit)
07-10-2014 21:24:21 Revo Uninstaller's restore point - AVG SafeGuard toolbar
07-10-2014 22:33:39 OTL Restore Point - 10/7/2014 5:33:39 PM
09-10-2014 02:01:02 Windows Update
09-10-2014 16:17:20 zoek.exe restore point

**** End of log ****
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 12th, 2014, 6:53 pm

MGA Diagnostics:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-RFP2Y
Windows Product Key Hash: 2CyYWWgHNRLGjZfGCROFNdF+rkg=
Windows Product ID: 55041-149-2558096-86836
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {60159BB7-FAE6-4340-B448-F60B0859EE5C}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{60159BB7-FAE6-4340-B448-F60B0859EE5C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-149-2558096-86836</PID><PIDType>6</PIDType><SID>S-1-5-21-2186564753-274233747-90243057</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DM061 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>2.4.0 </Version><SMBIOSVersion major="2" minor="3"/><Date>20070524000000.000000+000</Date></BIOS><HWID>FC593807018400F6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>B8K </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>7A55BD2A1D48F12</Val><Hash>xdkHvdgydkSwTi1tBYNEEnvgkGs=</Hash><Pid>81605-905-3974165-65731</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, VOLUME_MAK channel
Activation ID: 9abf5984-9c16-46f2-ad1e-7fe15931a8dd
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00172-149-255809-03-1033-7600.0000-2802013
Installation ID: 020843320722197870895580965042031285790362487251192802
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RFP2Y
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 10/12/2014 5:51:49 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MgAAAAIAAAABAAEAAQACAAAAAwABAAEA6GFKb2yJ0JZEakISPEqKm7iGVH7ce2g9gNc=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL B8K
FACP DELL B8K
HPET DELL B8K
BOOT DELL B8K
MCFG DELL B8K
SSDT DELL st_ex
DUMY DELL B8K
SLIC DELL B8K
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby pgmigg » October 12th, 2014, 11:13 pm

Hello rigidee,

Can you tell me how you obtained your copy of Microsoft Windows 7 Professional edition?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I've got a nasty infection. Total Codec Pack.

Unread postby rigidee » October 13th, 2014, 6:00 pm

Hi pgmigg,

I obtained my copy of Microsoft Windows 7 Professional through the University I was attending at the time. They had a deal with Microsoft so that all the students could get a copy of Windows 7. That's also where I got my copy of Office 2007 from.

Here is my WVCheck.exe log:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1754_12-10-2014
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
-----------------------
Last Success Time for Update Detection: 2014-10-12 08:10:33
Last Success Time for Update Download: 2014-10-07 23:44:19
Last Success Time for Update Installation: 2014-10-09 02:02:42


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 7/10/2013 1:21:21
Modification; 20/11/2010 6:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 7/10/2013 1:21:21
Modification; 20/11/2010 6:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 13/7/2009 18:52:11
Modification; 13/7/2009 20:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 7/10/2013 1:21:37
Modification; 20/11/2010 7:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 18:36:22
Modification; 13/7/2009 20:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 7/10/2013 1:21:21
Modification; 20/11/2010 6:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 1804_12-10-2014 --------
rigidee
Regular Member
 
Posts: 19
Joined: September 30th, 2014, 2:09 pm

Re: I've got a nasty infection. Total Codec Pack.

Unread postby pgmigg » October 13th, 2014, 11:43 pm

Hello rigidee,

I obtained my copy of Microsoft Windows 7 Professional through the University I was attending at the time. They had a deal with Microsoft so that all the students could get a copy of Windows 7. That's also where I got my copy of Office 2007 from.
Your original computer was manufactured by Dell in 2007 and has Windows XP or Vista. Currently you have Windows 7 with a MAK (Multiple Activation Key) license, which is legal for a business or educational computer, such as the one you obtained when you were attending University.

I'm sorry to say that your Volume MAK license cannot be valid on your machine as you are not a student for now.

As you are in need of a valid license, I am requesting the thread be closed for an illegal operating system.

When you get a new license, post in a new thread with all fresh:
  1. DDS and Attach logs
  2. MGA log
  3. Windows Validation Check
  4. A link to this thread

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: I've got a nasty infection. Total Codec Pack.

Unread postby Gary R » October 14th, 2014, 1:05 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Gary R
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire