Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Redirecting to iLivid and other websites

Re: Redirecting to iLivid-TDSSKiller Report p2 of 3

Post by goalie79 » March 23rd, 2015, 2:45 pm

08:02:21.0282 0x07e0 ================ Scan global ===============================
08:02:21.0298 0x07e0 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
08:02:21.0329 0x07e0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:02:21.0345 0x07e0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:02:21.0391 0x07e0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:02:21.0423 0x07e0 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
08:02:21.0423 0x07e0 [ Global ] - ok
08:02:21.0423 0x07e0 ================ Scan MBR ==================================
08:02:21.0438 0x07e0 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:02:21.0906 0x07e0 \Device\Harddisk0\DR0 - ok
08:02:21.0906 0x07e0 [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk1\DR1
08:02:21.0906 0x07e0 \Device\Harddisk1\DR1 - ok
08:02:21.0906 0x07e0 ================ Scan VBR ==================================
08:02:21.0922 0x07e0 [ 621E1A48FEA2C9E6369E66C39E008F9E ] \Device\Harddisk0\DR0\Partition1
08:02:21.0922 0x07e0 \Device\Harddisk0\DR0\Partition1 - ok
08:02:21.0953 0x07e0 [ A49C3BD25B7DDEB63AA5B996518CF2DD ] \Device\Harddisk0\DR0\Partition2
08:02:22.0000 0x07e0 \Device\Harddisk0\DR0\Partition2 - ok
08:02:22.0000 0x07e0 [ 94D11496758F299104DBD18A10CC3649 ] \Device\Harddisk1\DR1\Partition1
08:02:22.0015 0x07e0 \Device\Harddisk1\DR1\Partition1 - ok
08:02:22.0015 0x07e0 ================ Scan generic autorun ======================
08:02:22.0078 0x07e0 [ 87A4570E9D15A2821015B7FB6B821654, BDF5266905DC3F9ED0DBE41798D9907FC9E8D030DD5C28975BBF9BFD8BD9DA71 ] C:\Windows\system32\igfxtray.exe
08:02:22.0078 0x07e0 IgfxTray - ok
08:02:22.0140 0x07e0 [ 842683D8F1A58A76E5A03DA35B4962EE, 7D1B1918D69566694D7D0E82A8A1C7537A5C3A1533DC80F60FE212DD2DBC6099 ] C:\Windows\system32\hkcmd.exe
08:02:22.0140 0x07e0 HotKeysCmds - ok
08:02:22.0171 0x07e0 [ 99F8C1060BFB20D2039716BBF741D6C2, 8C578E288D88697E88AB9BEAE79D33AF23AD6176D830D5916BD2DD42EC6FADC5 ] C:\Windows\system32\igfxpers.exe
08:02:22.0187 0x07e0 Persistence - ok
08:02:22.0218 0x07e0 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
08:02:22.0234 0x07e0 Logitech Download Assistant - ok
08:02:22.0312 0x07e0 [ D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe
08:02:22.0312 0x07e0 iTunesHelper - ok
08:02:22.0468 0x07e0 [ 55F8B430E029CEE65AE366E3219665D6, 4284E647BC54F7E0785EC73B407B7C63B11D990923802A4BA0A795604E6057E3 ] C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
08:02:22.0483 0x07e0 Intel Scheduler2 Service - ok
08:02:23.0778 0x07e0 [ AC5406D1A6C19D83F92FA22697F3F072, 592BD212F1C0F6FE8605328F2D4A3EA360FF74B42E467E7ED201492A800181C8 ] C:\Program Files\Logitech Gaming Software\LCore.exe
08:02:24.0012 0x07e0 Launch LCore - ok
08:02:24.0137 0x07e0 [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
08:02:24.0137 0x07e0 BCSSync - ok
08:02:24.0277 0x07e0 [ 4E8C895616B22D8A7AFA6AC52E02E996, 41589C10705E36B08A661E48BB8058D5E80671A7522C3B9441F29C9345AC8EF7 ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
08:02:24.0309 0x07e0 BrMfcWnd - ok
08:02:24.0387 0x07e0 [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
08:02:24.0387 0x07e0 ControlCenter3 - ok
08:02:24.0636 0x07e0 [ 15F3F063FAABB583C0A383DC0D4AAACC, FC0044F32E7805E382AED9670C59D1FC3238B43F9797839981B010E794BC7D24 ] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
08:02:24.0699 0x07e0 Fitbit Connect - ok
08:02:24.0964 0x07e0 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
08:02:24.0995 0x07e0 Adobe ARM - ok
08:02:25.0089 0x07e0 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
08:02:25.0104 0x07e0 QuickTime Task - ok
08:02:25.0354 0x07e0 [ 05D4A2EB4764FB137C6ED3245028A06D, E4700AD6877B02F6D22F636E16A9DE344189AE9F3E5400AF7FEFBBD8AE72898C ] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
08:02:25.0401 0x07e0 DataMigrationSoftwareMonitor.exe - ok
08:02:25.0759 0x07e0 [ 938FA6F63B210FB8EF5A7B2FC1229431, 545DDA9C32DF14B50688F8192A345FE66D2DB3F8763ECBF85B38AC829E49E1D9 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
08:02:25.0962 0x07e0 AvastUI.exe - ok
08:02:26.0040 0x07e0 [ 3FDCA1F725CA8E367B9DBBC43F983423, 95DCC1C68433FA8E0223F0A798A2BEC269564C6107E246222202757E2503E6DA ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
08:02:26.0040 0x07e0 SunJavaUpdateSched - ok
08:02:26.0181 0x07e0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:02:26.0227 0x07e0 Sidebar - ok
08:02:26.0259 0x07e0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:02:26.0274 0x07e0 mctadmin - ok
08:02:26.0305 0x07e0 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:02:26.0321 0x07e0 Sidebar - ok
08:02:26.0368 0x07e0 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:02:26.0368 0x07e0 mctadmin - ok
08:02:26.0508 0x07e0 [ 15F3F063FAABB583C0A383DC0D4AAACC, FC0044F32E7805E382AED9670C59D1FC3238B43F9797839981B010E794BC7D24 ] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
08:02:26.0571 0x07e0 Fitbit Connect - ok
08:02:27.0226 0x07e0 [ 14EF06B1EA531D681B5738F37388B99C, AB74735A3569B7995572FD7B0D026919CADA27C43A6AD0503659CE7CA3FF6B84 ] C:\Program Files\CCleaner\CCleaner64.exe
08:02:27.0351 0x07e0 CCleaner Monitoring - ok
08:02:27.0429 0x07e0 [ 173D93AB55B6602C115E1E0BCDA3BDBC, 938C02C2C682B542788F0D94ABAB2FA7D80D00E1B8A55E19BEE49AF31AB10D9F ] C:\Windows\Speech\Common\sapisvr.exe
08:02:27.0429 0x07e0 Speech Recognition - ok
08:02:28.0177 0x07e0 [ 14EF06B1EA531D681B5738F37388B99C, AB74735A3569B7995572FD7B0D026919CADA27C43A6AD0503659CE7CA3FF6B84 ] C:\Program Files\CCleaner\CCleaner64.exe
08:02:28.0302 0x07e0 CCleaner - ok
08:02:28.0318 0x07e0 Waiting for KSN requests completion. In queue: 107
08:02:29.0332 0x07e0 Waiting for KSN requests completion. In queue: 107
08:02:30.0346 0x07e0 Waiting for KSN requests completion. In queue: 107
08:02:31.0375 0x07e0 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41000 ( enabled : updated )
08:02:31.0438 0x07e0 Win FW state via NFP2: enabled
08:02:33.0965 0x07e0 ============================================================
08:02:33.0965 0x07e0 Scan finished
08:02:33.0965 0x07e0 ============================================================
08:02:33.0965 0x17b4 Detected object count: 0
08:02:33.0965 0x17b4 Actual detected object count: 0
08:03:56.0130 0x147c ============================================================
08:03:56.0130 0x147c Scan started
08:03:56.0130 0x147c Mode: Manual; SigCheck;
08:03:56.0130 0x147c ============================================================
08:03:56.0130 0x147c KSN ping started
08:03:58.0626 0x147c KSN ping finished: true
08:03:59.0484 0x147c ================ Scan system memory ========================
08:03:59.0484 0x147c System memory - ok
08:03:59.0484 0x147c ================ Scan services =============================
08:03:59.0625 0x147c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:03:59.0687 0x147c 1394ohci - ok
08:03:59.0718 0x147c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:03:59.0750 0x147c ACPI - ok
08:03:59.0812 0x147c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:03:59.0828 0x147c AcpiPmi - ok
08:04:00.0015 0x147c [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:04:00.0030 0x147c AdobeARMservice - ok
08:04:00.0405 0x147c [ B0FE8D243A4EC6727D7EC5019C4B26B1, 6A319A77E19937208237BDBD2A545367EEC7B4B7ED732E0BAF616070C2FD88A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:04:00.0436 0x147c AdobeFlashPlayerUpdateSvc - ok
08:04:00.0483 0x147c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:04:00.0498 0x147c adp94xx - ok
08:04:00.0545 0x147c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:04:00.0561 0x147c adpahci - ok
08:04:00.0608 0x147c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:04:00.0623 0x147c adpu320 - ok
08:04:00.0670 0x147c [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:04:00.0748 0x147c AeLookupSvc - ok
08:04:00.0857 0x147c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
08:04:00.0888 0x147c AFD - ok
08:04:00.0935 0x147c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
08:04:00.0935 0x147c agp440 - ok
08:04:01.0029 0x147c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
08:04:01.0060 0x147c ALG - ok
08:04:01.0076 0x147c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
08:04:01.0091 0x147c aliide - ok
08:04:01.0138 0x147c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
08:04:01.0154 0x147c amdide - ok
08:04:01.0185 0x147c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:04:01.0216 0x147c AmdK8 - ok
08:04:01.0232 0x147c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:04:01.0263 0x147c AmdPPM - ok
08:04:01.0294 0x147c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:04:01.0310 0x147c amdsata - ok
08:04:01.0388 0x147c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:04:01.0403 0x147c amdsbs - ok
08:04:01.0419 0x147c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:04:01.0434 0x147c amdxata - ok
08:04:01.0466 0x147c [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
08:04:01.0497 0x147c AppID - ok
08:04:01.0528 0x147c [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:04:01.0590 0x147c AppIDSvc - ok
08:04:01.0622 0x147c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
08:04:01.0653 0x147c Appinfo - ok
08:04:01.0793 0x147c [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:04:01.0809 0x147c Apple Mobile Device Service - ok
08:04:01.0871 0x147c [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
08:04:01.0902 0x147c AppMgmt - ok
08:04:01.0934 0x147c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
08:04:01.0949 0x147c arc - ok
08:04:01.0965 0x147c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:04:01.0980 0x147c arcsas - ok
08:04:02.0339 0x147c [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:04:02.0355 0x147c aspnet_state - ok
08:04:02.0402 0x147c [ BA4B999D245287608A79C92CDAE6F3C1, 799CC0FB185FDF3438687184944E6F6AB6EE73B3B542542D3C13C0FF1A8C0276 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
08:04:02.0417 0x147c aswHwid - ok
08:04:02.0448 0x147c [ 245D3A0670491E1F88759EC45C9F7314, 1FFBDDDC6FCD29770B439933EEB8BE1ABA9149193932B2481720E8E9F265A797 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
08:04:02.0464 0x147c aswMonFlt - ok
08:04:02.0495 0x147c [ BC18D5B42B19564BA09156410E1FB9BE, 0DA9636632462208AE4D360BFE5A8187644B036A0D43E981665D888A5363B953 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
08:04:02.0511 0x147c aswRdr - ok
08:04:02.0526 0x147c [ 713AFFD4E38553AEF04617C985B4030B, A09FBE4D49390024E8CF93352EACEB5AC53BEE5A4E5A76F5BE0341F8A002C4DD ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
08:04:02.0542 0x147c aswRvrt - ok
08:04:02.0698 0x147c [ 669F6B37965756E407B447272B5EE39F, FE2C0A8F96415191650485AED637A45B26E7B9A25A4BFB5D809844BD24FD6BA9 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
08:04:02.0729 0x147c aswSnx - ok
08:04:02.0823 0x147c [ 3A145C94A519E52FE7E99460DD0DF53C, 91E9544B1B72FCC32463BF34838DAA9F14DCABF3BE9FE9382087ACDB3B4FC598 ] aswSP C:\Windows\system32\drivers\aswSP.sys
08:04:02.0838 0x147c aswSP - ok
08:04:02.0885 0x147c [ 8CDA894FA86D03FB43063D5FD85EFCAE, 20D110ACC84300514557AB6E565CFA0101DA749559B52877A41A509E79314AF6 ] aswStm C:\Windows\system32\drivers\aswStm.sys
08:04:02.0901 0x147c aswStm - ok
08:04:02.0932 0x147c [ 11644D8399F4AC8BB12C2364DCB87CB4, 828C3A03AB9D5F0650C7B90B7479CCAAD586B22BB7AC6DB7C91E8D9D80427DFB ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
08:04:02.0948 0x147c aswVmm - ok
08:04:02.0979 0x147c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:04:03.0041 0x147c AsyncMac - ok
08:04:03.0104 0x147c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
08:04:03.0119 0x147c atapi - ok
08:04:03.0182 0x147c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:04:03.0213 0x147c AudioEndpointBuilder - ok
08:04:03.0244 0x147c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:04:03.0275 0x147c AudioSrv - ok
08:04:03.0447 0x147c [ 35714DC1ADD995681D890D4382C75721, C1D10F2D47D348DCEA363B676E35A363FE8FA0E24295C4AD90F7EA37826A822D ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:04:03.0462 0x147c avast! Antivirus - ok
08:04:03.0806 0x147c [ 986B03BCC7679B181EC540249956B080, 35FD1229DD016B0837A2879E685A830034DD36D5F52ECBAFA358299DCB126989 ] AvastVBoxSvc C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
08:04:03.0915 0x147c AvastVBoxSvc - ok
08:04:03.0946 0x147c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:04:03.0993 0x147c AxInstSV - ok
08:04:04.0071 0x147c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
08:04:04.0102 0x147c b06bdrv - ok
08:04:04.0180 0x147c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:04:04.0211 0x147c b57nd60a - ok
08:04:04.0258 0x147c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
08:04:04.0289 0x147c BDESVC - ok
08:04:04.0305 0x147c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
08:04:04.0352 0x147c Beep - ok
08:04:04.0430 0x147c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
08:04:04.0461 0x147c BFE - ok
08:04:04.0539 0x147c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
08:04:04.0617 0x147c BITS - ok
08:04:04.0648 0x147c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:04:04.0664 0x147c blbdrive - ok
08:04:04.0757 0x147c [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:04:04.0773 0x147c Bonjour Service - ok
08:04:04.0804 0x147c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:04:04.0851 0x147c bowser - ok
08:04:04.0866 0x147c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:04:04.0898 0x147c BrFiltLo - ok
08:04:04.0913 0x147c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:04:04.0944 0x147c BrFiltUp - ok
08:04:04.0960 0x147c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
08:04:04.0991 0x147c Browser - ok
08:04:05.0007 0x147c [ 63A00CDBEB300522C49EC7CA77324060, 99CB6D37C7D898982A192AAA8DE5CE255E6FA482E19FE9032BAA7069E652F6F5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
08:04:05.0022 0x147c BrSerIb - ok
08:04:05.0132 0x147c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:04:05.0163 0x147c Brserid - ok
08:04:05.0194 0x147c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:04:05.0225 0x147c BrSerWdm - ok
08:04:05.0256 0x147c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:04:05.0272 0x147c BrUsbMdm - ok
08:04:05.0288 0x147c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:04:05.0319 0x147c BrUsbSer - ok
08:04:05.0334 0x147c [ BBCFD6C6EF66449F55AF1BFDB08C9B12, D6D5D408FCFFF9ED69D095948E786C08EEECD5F55905A3D8FE2BB08944C5E1F2 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
08:04:05.0350 0x147c BrUsbSIb - ok
08:04:05.0366 0x147c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:04:05.0412 0x147c BTHMODEM - ok
08:04:05.0444 0x147c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
08:04:05.0490 0x147c bthserv - ok
08:04:05.0506 0x147c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:04:05.0584 0x147c cdfs - ok
08:04:05.0615 0x147c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:04:05.0646 0x147c cdrom - ok
08:04:05.0709 0x147c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
08:04:05.0771 0x147c CertPropSvc - ok
08:04:05.0802 0x147c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:04:05.0849 0x147c circlass - ok
08:04:05.0927 0x147c [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
08:04:05.0943 0x147c CLFS - ok
08:04:06.0146 0x147c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:04:06.0161 0x147c clr_optimization_v2.0.50727_32 - ok
08:04:06.0270 0x147c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:04:06.0286 0x147c clr_optimization_v2.0.50727_64 - ok
08:04:06.0754 0x147c [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:04:06.0770 0x147c clr_optimization_v4.0.30319_32 - ok
08:04:06.0816 0x147c [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:04:06.0832 0x147c clr_optimization_v4.0.30319_64 - ok
08:04:06.0848 0x147c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:04:06.0879 0x147c CmBatt - ok
08:04:06.0926 0x147c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:04:06.0926 0x147c cmdide - ok
08:04:07.0004 0x147c [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
08:04:07.0035 0x147c CNG - ok
08:04:07.0113 0x147c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:04:07.0128 0x147c Compbatt - ok
08:04:07.0160 0x147c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:04:07.0191 0x147c CompositeBus - ok
08:04:07.0206 0x147c COMSysApp - ok
08:04:07.0238 0x147c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:04:07.0238 0x147c crcdisk - ok
08:04:07.0284 0x147c [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:04:07.0331 0x147c CryptSvc - ok
08:04:07.0378 0x147c [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
08:04:07.0409 0x147c CSC - ok
08:04:07.0518 0x147c [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
08:04:07.0550 0x147c CscService - ok
08:04:07.0674 0x147c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:04:07.0737 0x147c DcomLaunch - ok
08:04:07.0784 0x147c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
08:04:07.0846 0x147c defragsvc - ok
08:04:07.0877 0x147c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:04:07.0940 0x147c DfsC - ok
08:04:08.0033 0x147c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
08:04:08.0064 0x147c Dhcp - ok
08:04:08.0080 0x147c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
08:04:08.0127 0x147c discache - ok
08:04:08.0142 0x147c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:04:08.0158 0x147c Disk - ok
08:04:08.0220 0x147c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:04:08.0267 0x147c Dnscache - ok
08:04:08.0298 0x147c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
08:04:08.0361 0x147c dot3svc - ok
08:04:08.0408 0x147c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
08:04:08.0454 0x147c DPS - ok
08:04:08.0517 0x147c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:04:08.0548 0x147c drmkaud - ok
08:04:08.0720 0x147c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:04:08.0751 0x147c DXGKrnl - ok
08:04:08.0798 0x147c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
08:04:08.0860 0x147c EapHost - ok
08:04:09.0094 0x147c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:04:09.0203 0x147c ebdrv - ok
08:04:09.0234 0x147c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe
08:04:09.0266 0x147c EFS - ok
08:04:09.0406 0x147c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:04:09.0437 0x147c ehRecvr - ok
08:04:09.0500 0x147c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
08:04:09.0515 0x147c ehSched - ok
08:04:09.0609 0x147c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:04:09.0624 0x147c elxstor - ok
08:04:09.0656 0x147c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:04:09.0702 0x147c ErrDev - ok
08:04:09.0749 0x147c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
08:04:09.0796 0x147c EventSystem - ok
08:04:09.0843 0x147c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
08:04:09.0890 0x147c exfat - ok
08:04:09.0936 0x147c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:04:09.0999 0x147c fastfat - ok
08:04:10.0108 0x147c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
08:04:10.0139 0x147c Fax - ok
08:04:10.0170 0x147c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:04:10.0186 0x147c fdc - ok
08:04:10.0217 0x147c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
08:04:10.0280 0x147c fdPHost - ok
08:04:10.0326 0x147c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
08:04:10.0389 0x147c FDResPub - ok
08:04:10.0420 0x147c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:04:10.0436 0x147c FileInfo - ok
08:04:10.0482 0x147c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:04:10.0514 0x147c Filetrace - ok
08:04:10.0794 0x147c [ 31AC02203B716CBF8829343C91C8FD75, 6231A842733887C9A0CD513E9AFEF4A35152F4BCC9706EEAB38DC898B10AF9BD ] Fitbit Connect C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
08:04:10.0841 0x147c Fitbit Connect - ok
08:04:10.0857 0x147c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:04:10.0888 0x147c flpydisk - ok
08:04:10.0935 0x147c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:04:10.0950 0x147c FltMgr - ok
08:04:10.0982 0x147c [ F0CC1A9106F9FB0F704F6ED95622B43E, DE09E37619B91AD4F43B473A41E6563F4FCFB891A7F9665E8631131A49FA96A1 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
08:04:10.0997 0x147c fltsrv - ok
08:04:11.0106 0x147c [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
08:04:11.0153 0x147c FontCache - ok
08:04:11.0200 0x147c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:04:11.0216 0x147c FontCache3.0.0.0 - ok
08:04:11.0247 0x147c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:04:11.0262 0x147c FsDepends - ok
08:04:11.0294 0x147c [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
08:04:11.0309 0x147c fssfltr - ok
08:04:11.0340 0x147c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:04:11.0356 0x147c Fs_Rec - ok
08:04:11.0403 0x147c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:04:11.0418 0x147c fvevol - ok
08:04:11.0465 0x147c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:04:11.0481 0x147c gagp30kx - ok
08:04:11.0528 0x147c [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:04:11.0543 0x147c GEARAspiWDM - ok
08:04:11.0606 0x147c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
08:04:11.0652 0x147c gpsvc - ok
08:04:11.0746 0x147c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:04:11.0762 0x147c gupdate - ok
08:04:11.0762 0x147c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:04:11.0777 0x147c gupdatem - ok
08:04:11.0793 0x147c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:04:11.0824 0x147c hcw85cir - ok
08:04:11.0933 0x147c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:04:11.0964 0x147c HdAudAddService - ok
08:04:11.0980 0x147c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:04:12.0011 0x147c HDAudBus - ok
08:04:12.0042 0x147c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:04:12.0058 0x147c HidBatt - ok
08:04:12.0089 0x147c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:04:12.0120 0x147c HidBth - ok
08:04:12.0136 0x147c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:04:12.0152 0x147c HidIr - ok
08:04:12.0214 0x147c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
08:04:12.0261 0x147c hidserv - ok
08:04:12.0292 0x147c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:04:12.0308 0x147c HidUsb - ok
08:04:12.0339 0x147c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:04:12.0386 0x147c hkmsvc - ok
08:04:12.0432 0x147c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:04:12.0464 0x147c HomeGroupListener - ok
08:04:12.0526 0x147c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:04:12.0557 0x147c HomeGroupProvider - ok
08:04:12.0573 0x147c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:04:12.0588 0x147c HpSAMD - ok
08:04:12.0666 0x147c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:04:12.0729 0x147c HTTP - ok
08:04:12.0776 0x147c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:04:12.0791 0x147c hwpolicy - ok
08:04:12.0822 0x147c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:04:12.0838 0x147c i8042prt - ok
08:04:12.0900 0x147c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:04:12.0916 0x147c iaStorV - ok
08:04:13.0056 0x147c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:04:13.0088 0x147c idsvc - ok
08:04:13.0088 0x147c IEEtwCollectorService - ok
08:04:13.0836 0x147c [ C6238C6ABD6AC99F5D152DA4E9439A3D, 6FC490B94CEF523C7C099AEA3D36AB75C9896B1D83D4467D237E698A8E0D9E7B ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:04:14.0102 0x147c igfx - ok
08:04:14.0148 0x147c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:04:14.0164 0x147c iirsp - ok
08:04:14.0273 0x147c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
08:04:14.0336 0x147c IKEEXT - ok
08:04:14.0367 0x147c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
08:04:14.0382 0x147c intelide - ok
08:04:14.0414 0x147c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:04:14.0445 0x147c intelppm - ok
08:04:14.0554 0x147c [ EB48BE1B42A2D1F8884184076A8BAC1B, ECDF7468814A090C5297CF5DEB03F427E0580530F9F2DFAB1CDE7A4EEE107264 ] IntSch2Svc C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe
08:04:14.0585 0x147c IntSch2Svc - ok
08:04:14.0648 0x147c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:04:14.0694 0x147c IPBusEnum - ok
08:04:14.0741 0x147c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:04:14.0772 0x147c IpFilterDriver - ok
08:04:14.0897 0x147c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:04:14.0960 0x147c iphlpsvc - ok
08:04:14.0975 0x147c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:04:14.0991 0x147c IPMIDRV - ok
08:04:15.0038 0x147c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:04:15.0084 0x147c IPNAT - ok
08:04:15.0225 0x147c [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:04:15.0240 0x147c iPod Service - ok
08:04:15.0256 0x147c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:04:15.0303 0x147c IRENUM - ok
08:04:15.0318 0x147c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:04:15.0334 0x147c isapnp - ok
08:04:15.0443 0x147c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:04:15.0474 0x147c iScsiPrt - ok
08:04:15.0490 0x147c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:04:15.0506 0x147c kbdclass - ok
08:04:15.0521 0x147c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:04:15.0537 0x147c kbdhid - ok
08:04:15.0552 0x147c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe
08:04:15.0568 0x147c KeyIso - ok
08:04:15.0599 0x147c [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:04:15.0615 0x147c KSecDD - ok
08:04:15.0693 0x147c [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:04:15.0708 0x147c KSecPkg - ok
08:04:15.0740 0x147c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:04:15.0771 0x147c ksthunk - ok
08:04:15.0833 0x147c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
08:04:15.0896 0x147c KtmRm - ok
08:04:16.0020 0x147c [ 305BB2AC00D46542E0A653AB63F4ABB1, E3BE57A0EBB1194656D20C11688863A7864B06223419F688D82881F9F49604B6 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
08:04:16.0036 0x147c LADF_CaptureOnly - ok
08:04:16.0052 0x147c [ 28CDDC7D478A6313F55077416DCBD0DE, EE4174FC9444856DF0693D1A5F16EB88352A3B012AA82D49C462980703981A7A ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
08:04:16.0067 0x147c LADF_RenderOnly - ok
08:04:16.0114 0x147c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:04:16.0208 0x147c LanmanServer - ok
08:04:16.0223 0x147c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:04:16.0270 0x147c LanmanWorkstation - ok
08:04:16.0317 0x147c [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
08:04:16.0332 0x147c LGBusEnum - ok
08:04:16.0364 0x147c [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
08:04:16.0379 0x147c LGVirHid - ok
08:04:16.0410 0x147c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:04:16.0457 0x147c lltdio - ok
08:04:16.0551 0x147c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:04:16.0613 0x147c lltdsvc - ok
08:04:16.0629 0x147c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:04:16.0660 0x147c lmhosts - ok
08:04:16.0691 0x147c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:04:16.0707 0x147c LSI_FC - ok
08:04:16.0722 0x147c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:04:16.0738 0x147c LSI_SAS - ok
08:04:16.0754 0x147c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:04:16.0769 0x147c LSI_SAS2 - ok
08:04:16.0800 0x147c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:04:16.0816 0x147c LSI_SCSI - ok
08:04:16.0847 0x147c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
08:04:16.0894 0x147c luafv - ok
08:04:16.0925 0x147c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:04:16.0941 0x147c Mcx2Svc - ok
08:04:16.0972 0x147c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:04:16.0988 0x147c megasas - ok
08:04:17.0066 0x147c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:04:17.0097 0x147c MegaSR - ok
08:04:17.0222 0x147c Microsoft SharePoint Workspace Audit Service - ok
08:04:17.0253 0x147c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
08:04:17.0300 0x147c MMCSS - ok
08:04:17.0331 0x147c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
08:04:17.0378 0x147c Modem - ok
08:04:17.0393 0x147c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:04:17.0424 0x147c monitor - ok
08:04:17.0440 0x147c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:04:17.0456 0x147c mouclass - ok
08:04:17.0471 0x147c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:04:17.0502 0x147c mouhid - ok
08:04:17.0534 0x147c [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:04:17.0549 0x147c mountmgr - ok
08:04:17.0596 0x147c [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:04:17.0612 0x147c MozillaMaintenance - ok
08:04:17.0705 0x147c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
08:04:17.0721 0x147c mpio - ok
08:04:17.0736 0x147c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:04:17.0783 0x147c mpsdrv - ok
08:04:17.0939 0x147c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:04:18.0017 0x147c MpsSvc - ok
08:04:18.0048 0x147c [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:04:18.0080 0x147c MRxDAV - ok
08:04:18.0126 0x147c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:04:18.0173 0x147c mrxsmb - ok
08:04:18.0236 0x147c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:04:18.0251 0x147c mrxsmb10 - ok
08:04:18.0298 0x147c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:04:18.0314 0x147c mrxsmb20 - ok
08:04:18.0345 0x147c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
08:04:18.0360 0x147c msahci - ok
08:04:18.0407 0x147c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:04:18.0423 0x147c msdsm - ok
08:04:18.0454 0x147c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
08:04:18.0485 0x147c MSDTC - ok
08:04:18.0563 0x147c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:04:18.0610 0x147c Msfs - ok
08:04:18.0626 0x147c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:04:18.0672 0x147c mshidkmdf - ok
08:04:18.0704 0x147c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:04:18.0719 0x147c msisadrv - ok
08:04:18.0766 0x147c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:04:18.0828 0x147c MSiSCSI - ok
08:04:18.0828 0x147c msiserver - ok
08:04:18.0860 0x147c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:04:18.0906 0x147c MSKSSRV - ok
08:04:18.0922 0x147c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:04:19.0000 0x147c MSPCLOCK - ok
08:04:19.0031 0x147c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:04:19.0094 0x147c MSPQM - ok
08:04:19.0156 0x147c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:04:19.0172 0x147c MsRPC - ok
08:04:19.0218 0x147c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:04:19.0234 0x147c mssmbios - ok
08:04:19.0265 0x147c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:04:19.0328 0x147c MSTEE - ok
08:04:19.0343 0x147c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:04:19.0374 0x147c MTConfig - ok
08:04:19.0390 0x147c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
08:04:19.0406 0x147c Mup - ok
08:04:19.0484 0x147c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
08:04:19.0530 0x147c napagent - ok
08:04:19.0577 0x147c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:04:19.0640 0x147c NativeWifiP - ok
08:04:19.0686 0x147c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
08:04:19.0718 0x147c NDIS - ok
08:04:19.0780 0x147c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:04:19.0827 0x147c NdisCap - ok
08:04:19.0842 0x147c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:04:19.0889 0x147c NdisTapi - ok
08:04:19.0920 0x147c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:04:19.0967 0x147c Ndisuio - ok
08:04:20.0030 0x147c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:04:20.0076 0x147c NdisWan - ok
08:04:20.0108 0x147c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:04:20.0139 0x147c NDProxy - ok
08:04:20.0170 0x147c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:04:20.0232 0x147c NetBIOS - ok
08:04:20.0279 0x147c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:04:20.0326 0x147c NetBT - ok
08:04:20.0342 0x147c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon C:\Windows\system32\lsass.exe
08:04:20.0357 0x147c Netlogon - ok
08:04:20.0435 0x147c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
08:04:20.0513 0x147c Netman - ok
08:04:20.0544 0x147c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:20.0560 0x147c NetMsmqActivator - ok
08:04:20.0576 0x147c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:20.0591 0x147c NetPipeActivator - ok
08:04:20.0700 0x147c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
08:04:20.0763 0x147c netprofm - ok
08:04:20.0794 0x147c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:20.0810 0x147c NetTcpActivator - ok
08:04:20.0825 0x147c [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:04:20.0841 0x147c NetTcpPortSharing - ok
08:04:20.0888 0x147c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:04:20.0888 0x147c nfrd960 - ok
08:04:20.0966 0x147c [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
08:04:20.0997 0x147c NlaSvc - ok
08:04:21.0012 0x147c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:04:21.0059 0x147c Npfs - ok
08:04:21.0090 0x147c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
08:04:21.0137 0x147c nsi - ok
08:04:21.0184 0x147c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:04:21.0215 0x147c nsiproxy - ok
08:04:21.0371 0x147c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:04:21.0434 0x147c Ntfs - ok
08:04:21.0465 0x147c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
08:04:21.0527 0x147c Null - ok
08:04:21.0574 0x147c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:04:21.0590 0x147c nvraid - ok
08:04:21.0636 0x147c [ AFDE3015BB8D76E26BEC3B287C5443A0, 6D4804392149EA9B8BC555D4BEBB84A39DE14E62ACCD7EEBBE21D2D8E37E32B0 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
08:04:21.0652 0x147c nvsmu - ok
08:04:21.0668 0x147c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:04:21.0683 0x147c nvstor - ok
08:04:21.0714 0x147c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:04:21.0730 0x147c nv_agp - ok
08:04:21.0730 0x147c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:04:21.0761 0x147c ohci1394 - ok
08:04:21.0855 0x147c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:04:21.0870 0x147c ose - ok
08:04:22.0494 0x147c [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:04:22.0619 0x147c osppsvc - ok
08:04:22.0728 0x147c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:04:22.0775 0x147c p2pimsvc - ok
08:04:22.0791 0x147c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
08:04:22.0822 0x147c p2psvc - ok
08:04:22.0869 0x147c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:04:22.0884 0x147c Parport - ok
08:04:22.0916 0x147c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:04:22.0931 0x147c partmgr - ok
08:04:22.0994 0x147c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:04:23.0025 0x147c PcaSvc - ok
08:04:23.0072 0x147c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
08:04:23.0103 0x147c pci - ok
08:04:23.0134 0x147c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
08:04:23.0150 0x147c pciide - ok
08:04:23.0228 0x147c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:04:23.0243 0x147c pcmcia - ok
08:04:23.0243 0x147c PCTINDIS5 - ok
08:04:23.0274 0x147c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
08:04:23.0290 0x147c pcw - ok
08:04:23.0337 0x147c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:04:23.0399 0x147c PEAUTH - ok
08:04:23.0524 0x147c [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
08:04:23.0586 0x147c PeerDistSvc - ok
08:04:23.0696 0x147c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:04:23.0758 0x147c PerfHost - ok
08:04:23.0836 0x147c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
08:04:23.0898 0x147c pla - ok
08:04:23.0961 0x147c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:04:24.0008 0x147c PlugPlay - ok
08:04:24.0023 0x147c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:04:24.0054 0x147c PNRPAutoReg - ok
08:04:24.0117 0x147c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:04:24.0148 0x147c PNRPsvc - ok
08:04:24.0226 0x147c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:04:24.0273 0x147c PolicyAgent - ok
08:04:24.0351 0x147c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
08:04:24.0413 0x147c Power - ok
08:04:24.0444 0x147c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:04:24.0491 0x147c PptpMiniport - ok
08:04:24.0522 0x147c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:04:24.0554 0x147c Processor - ok
08:04:24.0585 0x147c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
08:04:24.0616 0x147c ProfSvc - ok
08:04:24.0632 0x147c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:04:24.0663 0x147c ProtectedStorage - ok
08:04:24.0725 0x147c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:04:24.0772 0x147c Psched - ok
08:04:24.0928 0x147c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:04:24.0975 0x147c ql2300 - ok
08:04:25.0006 0x147c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:04:25.0022 0x147c ql40xx - ok
08:04:25.0068 0x147c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
08:04:25.0115 0x147c QWAVE - ok
08:04:25.0131 0x147c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:04:25.0162 0x147c QWAVEdrv - ok
08:04:25.0178 0x147c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:04:25.0224 0x147c RasAcd - ok
08:04:25.0287 0x147c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:04:25.0349 0x147c RasAgileVpn - ok
08:04:25.0396 0x147c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
08:04:25.0458 0x147c RasAuto - ok
08:04:25.0490 0x147c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:04:25.0536 0x147c Rasl2tp - ok
08:04:25.0583 0x147c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
08:04:25.0646 0x147c RasMan - ok
08:04:25.0677 0x147c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:04:25.0724 0x147c RasPppoe - ok
08:04:25.0770 0x147c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:04:25.0833 0x147c RasSstp - ok
08:04:25.0880 0x147c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:04:25.0926 0x147c rdbss - ok
08:04:25.0942 0x147c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:04:25.0958 0x147c rdpbus - ok
08:04:25.0973 0x147c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:04:26.0020 0x147c RDPCDD - ok
08:04:26.0051 0x147c [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
08:04:26.0082 0x147c RDPDR - ok
08:04:26.0098 0x147c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:04:26.0160 0x147c RDPENCDD - ok
08:04:26.0160 0x147c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:04:26.0223 0x147c RDPREFMP - ok
08:04:26.0285 0x147c [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:04:26.0316 0x147c RdpVideoMiniport - ok
08:04:26.0348 0x147c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:04:26.0379 0x147c RDPWD - ok
08:04:26.0441 0x147c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:04:26.0457 0x147c rdyboost - ok
08:04:26.0472 0x147c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:04:26.0535 0x147c RemoteAccess - ok
08:04:26.0582 0x147c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:04:26.0644 0x147c RemoteRegistry - ok
08:04:26.0675 0x147c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:04:26.0722 0x147c RpcEptMapper - ok
08:04:26.0753 0x147c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
08:04:26.0784 0x147c RpcLocator - ok
08:04:26.0878 0x147c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
08:04:26.0940 0x147c RpcSs - ok
08:04:26.0972 0x147c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:04:27.0034 0x147c rspndr - ok
08:04:27.0081 0x147c [ ABCB5A38A0D85BDF69B7877E1AD1EED5, 44DF1A92E8FA53677A04C46088B0AD49F1F6A090820BE550A514C4FBFD91444D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:04:27.0096 0x147c RTL8167 - ok
08:04:27.0143 0x147c [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
08:04:27.0143 0x147c s3cap - ok
08:04:27.0174 0x147c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs C:\Windows\system32\lsass.exe
08:04:27.0190 0x147c SamSs - ok
08:04:27.0237 0x147c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:04:27.0252 0x147c sbp2port - ok
08:04:27.0330 0x147c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:04:27.0377 0x147c SCardSvr - ok
08:04:27.0408 0x147c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:04:27.0455 0x147c scfilter - ok
08:04:27.0611 0x147c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
08:04:27.0674 0x147c Schedule - ok
08:04:27.0720 0x147c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:04:27.0767 0x147c SCPolicySvc - ok
08:04:27.0814 0x147c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:04:27.0845 0x147c SDRSVC - ok
08:04:27.0876 0x147c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:04:27.0923 0x147c secdrv - ok
08:04:27.0954 0x147c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
08:04:28.0001 0x147c seclogon - ok
08:04:28.0048 0x147c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
08:04:28.0095 0x147c SENS - ok
08:04:28.0142 0x147c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:04:28.0173 0x147c SensrSvc - ok
08:04:28.0204 0x147c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:04:28.0235 0x147c Serenum - ok
08:04:28.0251 0x147c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:04:28.0266 0x147c Serial - ok
08:04:28.0298 0x147c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:04:28.0313 0x147c sermouse - ok
08:04:28.0360 0x147c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
08:04:28.0407 0x147c SessionEnv - ok
08:04:28.0438 0x147c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:04:28.0469 0x147c sffdisk - ok
08:04:28.0485 0x147c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:04:28.0500 0x147c sffp_mmc - ok
08:04:28.0516 0x147c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:04:28.0532 0x147c sffp_sd - ok
08:04:28.0563 0x147c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:04:28.0594 0x147c sfloppy - ok
08:04:28.0672 0x147c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:04:28.0750 0x147c SharedAccess - ok
08:04:28.0797 0x147c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:04:28.0890 0x147c ShellHWDetection - ok
08:04:28.0906 0x147c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:04:28.0922 0x147c SiSRaid2 - ok
08:04:28.0953 0x147c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:04:28.0968 0x147c SiSRaid4 - ok
08:04:29.0015 0x147c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:04:29.0062 0x147c Smb - ok
08:04:29.0140 0x147c [ FDB6E127DF739D4911319F0C8D339CAF, 8A61851C07F686838BD0816683620B5856D3F698E5F1AEC5ECD75F69817287B1 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
08:04:29.0156 0x147c snapman - ok
08:04:29.0187 0x147c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:04:29.0218 0x147c SNMPTRAP - ok
08:04:29.0234 0x147c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
08:04:29.0249 0x147c spldr - ok
08:04:29.0327 0x147c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
08:04:29.0358 0x147c Spooler - ok
08:04:29.0561 0x147c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
08:04:29.0702 0x147c sppsvc - ok
08:04:29.0717 0x147c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:04:29.0764 0x147c sppuinotify - ok
08:04:29.0826 0x147c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:04:29.0858 0x147c srv - ok
08:04:29.0889 0x147c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:04:29.0920 0x147c srv2 - ok
08:04:29.0936 0x147c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:04:29.0951 0x147c srvnet - ok
08:04:29.0998 0x147c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:04:30.0060 0x147c SSDPSRV - ok
08:04:30.0076 0x147c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:04:30.0123 0x147c SstpSvc - ok
08:04:30.0185 0x147c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:04:30.0201 0x147c stexstor - ok
08:04:30.0232 0x147c [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
08:04:30.0248 0x147c StillCam - ok
08:04:30.0357 0x147c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
08:04:30.0404 0x147c stisvc - ok
08:04:30.0435 0x147c [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
08:04:30.0450 0x147c storflt - ok
08:04:30.0482 0x147c [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
08:04:30.0513 0x147c StorSvc - ok
08:04:30.0560 0x147c [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
08:04:30.0575 0x147c storvsc - ok
08:04:30.0622 0x147c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
08:04:30.0638 0x147c swenum - ok
08:04:30.0669 0x147c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
08:04:30.0716 0x147c swprv - ok
08:04:30.0840 0x147c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
08:04:30.0903 0x147c SysMain - ok
08:04:30.0950 0x147c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:04:30.0981 0x147c TabletInputService - ok
08:04:31.0059 0x147c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
08:04:31.0106 0x147c TapiSrv - ok
08:04:31.0137 0x147c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
08:04:31.0199 0x147c TBS - ok
08:04:31.0355 0x147c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:04:31.0418 0x147c Tcpip - ok
08:04:31.0527 0x147c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:04:31.0589 0x147c TCPIP6 - ok
08:04:31.0620 0x147c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:04:31.0652 0x147c tcpipreg - ok
08:04:31.0683 0x147c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:04:31.0698 0x147c TDPIPE - ok
08:04:31.0714 0x147c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:04:31.0730 0x147c TDTCP - ok
08:04:31.0776 0x147c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:04:31.0808 0x147c tdx - ok
08:04:31.0823 0x147c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
08:04:31.0839 0x147c TermDD - ok
08:04:31.0964 0x147c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
08:04:31.0995 0x147c TermService - ok
08:04:32.0057 0x147c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
08:04:32.0073 0x147c Themes - ok
08:04:32.0104 0x147c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
08:04:32.0151 0x147c THREADORDER - ok
08:04:32.0198 0x147c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
08:04:32.0260 0x147c TrkWks - ok
08:04:32.0322 0x147c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:04:32.0369 0x147c TrustedInstaller - ok
08:04:32.0400 0x147c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:04:32.0432 0x147c tssecsrv - ok
08:04:32.0463 0x147c [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:04:32.0510 0x147c TsUsbFlt - ok
08:04:32.0541 0x147c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:04:32.0588 0x147c tunnel - ok
08:04:32.0634 0x147c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:04:32.0650 0x147c uagp35 - ok
08:04:32.0728 0x147c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:04:32.0775 0x147c udfs - ok
08:04:32.0806 0x147c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:04:32.0822 0x147c UI0Detect - ok
08:04:32.0837 0x147c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:04:32.0853 0x147c uliagpkx - ok
08:04:32.0900 0x147c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:04:32.0915 0x147c umbus - ok
08:04:32.0978 0x147c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:04:32.0993 0x147c UmPass - ok
08:04:33.0056 0x147c [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
08:04:33.0102 0x147c UmRdpService - ok
08:04:33.0134 0x147c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
08:04:33.0180 0x147c upnphost - ok
08:04:33.0227 0x147c [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:04:33.0258 0x147c USBAAPL64 - ok
08:04:33.0290 0x147c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:04:33.0305 0x147c usbaudio - ok
08:04:33.0352 0x147c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:04:33.0368 0x147c usbccgp - ok
08:04:33.0414 0x147c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:04:33.0430 0x147c usbcir - ok
08:04:33.0461 0x147c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:04:33.0492 0x147c usbehci - ok
08:04:33.0555 0x147c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:04:33.0586 0x147c usbhub - ok
08:04:33.0617 0x147c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:04:33.0633 0x147c usbohci - ok
08:04:33.0664 0x147c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:04:33.0695 0x147c usbprint - ok
08:04:33.0711 0x147c [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:04:33.0758 0x147c usbscan - ok
08:04:33.0804 0x147c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:04:33.0836 0x147c USBSTOR - ok
08:04:33.0867 0x147c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:04:33.0882 0x147c usbuhci - ok
08:04:33.0929 0x147c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
08:04:33.0992 0x147c UxSms - ok
08:04:33.0992 0x147c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe
08:04:34.0007 0x147c VaultSvc - ok
08:04:34.0226 0x147c [ CD74DB141650A8E131F30250381E5A77, C3F6CC4FA70D73A0453126AD6FB1A8A285A6B66EC2C661D9B4F798F8D9CB3976 ] VBoxAswDrv C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
08:04:34.0241 0x147c VBoxAswDrv - ok
08:04:34.0272 0x147c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:04:34.0288 0x147c vdrvroot - ok
08:04:34.0413 0x147c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
08:04:34.0475 0x147c vds - ok
08:04:34.0491 0x147c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:04:34.0506 0x147c vga - ok
08:04:34.0522 0x147c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
08:04:34.0584 0x147c VgaSave - ok
08:04:34.0647 0x147c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:04:34.0662 0x147c vhdmp - ok
08:04:34.0678 0x147c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
08:04:34.0694 0x147c viaide - ok
08:04:34.0709 0x147c [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
08:04:34.0725 0x147c vmbus - ok
08:04:34.0756 0x147c [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
08:04:34.0818 0x147c VMBusHID - ok
08:04:34.0818 0x147c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:04:34.0834 0x147c volmgr - ok
08:04:34.0881 0x147c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:04:34.0896 0x147c volmgrx - ok
08:04:34.0943 0x147c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:04:34.0959 0x147c volsnap - ok
08:04:35.0037 0x147c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:04:35.0052 0x147c vsmraid - ok
08:04:35.0255 0x147c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
08:04:35.0349 0x147c VSS - ok
08:04:35.0364 0x147c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
08:04:35.0427 0x147c vwifibus - ok
08:04:35.0505 0x147c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
08:04:35.0552 0x147c W32Time - ok
08:04:35.0598 0x147c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:04:35.0630 0x147c WacomPen - ok
08:04:35.0661 0x147c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:04:35.0692 0x147c WANARP - ok
08:04:35.0708 0x147c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:04:35.0754 0x147c Wanarpv6 - ok
08:04:35.0926 0x147c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:04:35.0973 0x147c WatAdminSvc - ok
08:04:36.0176 0x147c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
08:04:36.0238 0x147c wbengine - ok
08:04:36.0269 0x147c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:04:36.0316 0x147c WbioSrvc - ok
08:04:36.0347 0x147c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:04:36.0378 0x147c wcncsvc - ok
08:04:36.0394 0x147c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:04:36.0410 0x147c WcsPlugInService - ok
08:04:36.0472 0x147c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:04:36.0488 0x147c Wd - ok
08:04:36.0566 0x147c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:04:36.0597 0x147c Wdf01000 - ok
08:04:36.0628 0x147c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:04:36.0644 0x147c WdiServiceHost - ok
08:04:36.0644 0x147c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:04:36.0675 0x147c WdiSystemHost - ok
08:04:36.0722 0x147c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
08:04:36.0753 0x147c WebClient - ok
08:04:36.0784 0x147c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:04:36.0831 0x147c Wecsvc - ok
08:04:36.0846 0x147c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:04:36.0893 0x147c wercplsupport - ok
08:04:36.0893 0x147c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
08:04:36.0940 0x147c WerSvc - ok
08:04:36.0956 0x147c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:04:37.0002 0x147c WfpLwf - ok
08:04:37.0034 0x147c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:04:37.0049 0x147c WIMMount - ok
08:04:37.0080 0x147c WinDefend - ok
08:04:37.0080 0x147c WinHttpAutoProxySvc - ok
08:04:37.0143 0x147c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:04:37.0205 0x147c Winmgmt - ok
08:04:37.0361 0x147c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
08:04:37.0455 0x147c WinRM - ok
08:04:37.0517 0x147c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:04:37.0548 0x147c WinUsb - ok
08:04:37.0595 0x147c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:04:37.0642 0x147c Wlansvc - ok
08:04:37.0736 0x147c [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:04:37.0751 0x147c wlcrasvc - ok
08:04:37.0938 0x147c [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:04:38.0001 0x147c wlidsvc - ok
08:04:38.0032 0x147c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:04:38.0063 0x147c WmiAcpi - ok
08:04:38.0141 0x147c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:04:38.0188 0x147c wmiApSrv - ok
08:04:38.0219 0x147c WMPNetworkSvc - ok
08:04:38.0266 0x147c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:04:38.0297 0x147c WPCSvc - ok
08:04:38.0344 0x147c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:04:38.0375 0x147c WPDBusEnum - ok
08:04:38.0422 0x147c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:04:38.0453 0x147c ws2ifsl - ok
08:04:38.0469 0x147c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
08:04:38.0500 0x147c wscsvc - ok
08:04:38.0500 0x147c WSearch - ok
08:04:38.0656 0x147c [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
08:04:38.0734 0x147c wuauserv - ok
08:04:38.0765 0x147c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:04:38.0781 0x147c WudfPf - ok
08:04:38.0828 0x147c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:04:38.0843 0x147c WUDFRd - ok
08:04:38.0859 0x147c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:04:38.0890 0x147c wudfsvc - ok
08:04:38.0937 0x147c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
08:04:38.0984 0x147c WwanSvc - ok
08:04:38.0999 0x147c ================ Scan global ===
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid -TDSSKiller Report pt 3 of 3

Unread postby goalie79 » March 23rd, 2015, 2:46 pm

08:04:38.0999 0x147c ================ Scan global ===============================
08:04:39.0015 0x147c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
08:04:39.0077 0x147c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:04:39.0093 0x147c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:04:39.0124 0x147c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:04:39.0155 0x147c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
08:04:39.0171 0x147c [ Global ] - ok
08:04:39.0171 0x147c ================ Scan MBR ==================================
08:04:39.0186 0x147c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:04:39.0608 0x147c \Device\Harddisk0\DR0 - ok
08:04:39.0623 0x147c [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk1\DR1
08:04:39.0623 0x147c \Device\Harddisk1\DR1 - ok
08:04:39.0639 0x147c ================ Scan VBR ==================================
08:04:39.0654 0x147c [ 621E1A48FEA2C9E6369E66C39E008F9E ] \Device\Harddisk0\DR0\Partition1
08:04:39.0654 0x147c \Device\Harddisk0\DR0\Partition1 - ok
08:04:39.0654 0x147c [ A49C3BD25B7DDEB63AA5B996518CF2DD ] \Device\Harddisk0\DR0\Partition2
08:04:39.0654 0x147c \Device\Harddisk0\DR0\Partition2 - ok
08:04:39.0670 0x147c [ 94D11496758F299104DBD18A10CC3649 ] \Device\Harddisk1\DR1\Partition1
08:04:39.0670 0x147c \Device\Harddisk1\DR1\Partition1 - ok
08:04:39.0670 0x147c ================ Scan generic autorun ======================
08:04:39.0717 0x147c [ 87A4570E9D15A2821015B7FB6B821654, BDF5266905DC3F9ED0DBE41798D9907FC9E8D030DD5C28975BBF9BFD8BD9DA71 ] C:\Windows\system32\igfxtray.exe
08:04:39.0732 0x147c IgfxTray - ok
08:04:39.0764 0x147c [ 842683D8F1A58A76E5A03DA35B4962EE, 7D1B1918D69566694D7D0E82A8A1C7537A5C3A1533DC80F60FE212DD2DBC6099 ] C:\Windows\system32\hkcmd.exe
08:04:39.0779 0x147c HotKeysCmds - ok
08:04:39.0810 0x147c [ 99F8C1060BFB20D2039716BBF741D6C2, 8C578E288D88697E88AB9BEAE79D33AF23AD6176D830D5916BD2DD42EC6FADC5 ] C:\Windows\system32\igfxpers.exe
08:04:39.0826 0x147c Persistence - ok
08:04:39.0857 0x147c [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
08:04:39.0873 0x147c Logitech Download Assistant - ok
08:04:39.0966 0x147c [ D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe
08:04:39.0982 0x147c iTunesHelper - ok
08:04:40.0107 0x147c [ 55F8B430E029CEE65AE366E3219665D6, 4284E647BC54F7E0785EC73B407B7C63B11D990923802A4BA0A795604E6057E3 ] C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
08:04:40.0122 0x147c Intel Scheduler2 Service - ok
08:04:41.0121 0x147c [ AC5406D1A6C19D83F92FA22697F3F072, 592BD212F1C0F6FE8605328F2D4A3EA360FF74B42E467E7ED201492A800181C8 ] C:\Program Files\Logitech Gaming Software\LCore.exe
08:04:41.0417 0x147c Launch LCore - ok
08:04:41.0573 0x147c [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
08:04:41.0589 0x147c BCSSync - ok
08:04:41.0698 0x147c [ 4E8C895616B22D8A7AFA6AC52E02E996, 41589C10705E36B08A661E48BB8058D5E80671A7522C3B9441F29C9345AC8EF7 ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
08:04:41.0745 0x147c BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 )
08:04:41.0745 0x147c Detect skipped due to KSN trusted
08:04:41.0745 0x147c BrMfcWnd - ok
08:04:41.0760 0x147c [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
08:04:41.0776 0x147c ControlCenter3 - detected UnsignedFile.Multi.Generic ( 1 )
08:04:41.0776 0x147c Detect skipped due to KSN trusted
08:04:41.0776 0x147c ControlCenter3 - ok
08:04:42.0072 0x147c [ 15F3F063FAABB583C0A383DC0D4AAACC, FC0044F32E7805E382AED9670C59D1FC3238B43F9797839981B010E794BC7D24 ] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
08:04:42.0166 0x147c Fitbit Connect - ok
08:04:42.0322 0x147c [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
08:04:42.0353 0x147c Adobe ARM - ok
08:04:42.0462 0x147c [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
08:04:42.0478 0x147c QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
08:04:42.0478 0x147c Detect skipped due to KSN trusted
08:04:42.0478 0x147c QuickTime Task - ok
08:04:42.0728 0x147c [ 05D4A2EB4764FB137C6ED3245028A06D, E4700AD6877B02F6D22F636E16A9DE344189AE9F3E5400AF7FEFBBD8AE72898C ] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
08:04:42.0806 0x147c DataMigrationSoftwareMonitor.exe - ok
08:04:43.0242 0x147c [ 938FA6F63B210FB8EF5A7B2FC1229431, 545DDA9C32DF14B50688F8192A345FE66D2DB3F8763ECBF85B38AC829E49E1D9 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
08:04:43.0383 0x147c AvastUI.exe - ok
08:04:43.0476 0x147c [ 3FDCA1F725CA8E367B9DBBC43F983423, 95DCC1C68433FA8E0223F0A798A2BEC269564C6107E246222202757E2503E6DA ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
08:04:43.0492 0x147c SunJavaUpdateSched - ok
08:04:43.0648 0x147c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:04:43.0710 0x147c Sidebar - ok
08:04:43.0742 0x147c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:04:43.0757 0x147c mctadmin - ok
08:04:43.0788 0x147c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:04:43.0835 0x147c Sidebar - ok
08:04:43.0851 0x147c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:04:43.0866 0x147c mctadmin - ok
08:04:44.0085 0x147c [ 15F3F063FAABB583C0A383DC0D4AAACC, FC0044F32E7805E382AED9670C59D1FC3238B43F9797839981B010E794BC7D24 ] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
08:04:44.0178 0x147c Fitbit Connect - ok
08:04:44.0724 0x147c [ 14EF06B1EA531D681B5738F37388B99C, AB74735A3569B7995572FD7B0D026919CADA27C43A6AD0503659CE7CA3FF6B84 ] C:\Program Files\CCleaner\CCleaner64.exe
08:04:44.0896 0x147c CCleaner Monitoring - ok
08:04:44.0943 0x147c [ 173D93AB55B6602C115E1E0BCDA3BDBC, 938C02C2C682B542788F0D94ABAB2FA7D80D00E1B8A55E19BEE49AF31AB10D9F ] C:\Windows\Speech\Common\sapisvr.exe
08:04:44.0958 0x147c Speech Recognition - ok
08:04:45.0723 0x147c [ 14EF06B1EA531D681B5738F37388B99C, AB74735A3569B7995572FD7B0D026919CADA27C43A6AD0503659CE7CA3FF6B84 ] C:\Program Files\CCleaner\CCleaner64.exe
08:04:45.0894 0x147c CCleaner - ok
08:04:45.0910 0x147c AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41000 ( enabled : updated )
08:04:45.0910 0x147c Win FW state via NFP2: enabled
08:05:00.0449 0x147c ============================================================
08:05:00.0449 0x147c Scan finished
08:05:00.0449 0x147c ============================================================
08:05:00.0449 0x1544 Detected object count: 0
08:05:00.0449 0x1544 Actual detected object count: 0
08:11:43.0277 0x09a0 Deinitialize success

Re: Redirecting to iLivid and other websites

Unread postby goalie79 » March 23rd, 2015, 2:48 pm

FYI...I was redirected several times in the process of uploading the TDSSKiller log in 3 parts. Thanks again for your assistance and persistence.

Re: Redirecting to iLivid and other websites

Unread postby pgmigg » March 24th, 2015, 1:00 am

Hello goalie79,

"FYI...I was redirected several times in the process of uploading the TDSSKiller log in 3 parts."
We are not finished yet. Let's continue our treatment...

"Thanks again for your assistance and persistence."
You are very welcome! :)

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Files
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z
    C:\Users\Dawn\Desktop\032215_malware_Issue\Old Firefox Data\0f00p9he.default\extensions\toolbar@ask.com
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ZOEK Auto Clean
  1. First please Disable any Antivirus you have active, as shown in This topic.
    Note: Don't forget to re-enable it after the scan.
  2. Next please download zoek.exe and save it to your desktop.
  3. Close any open browsers.
  4. Right click on zoek.exe and select "Run as administrator..." to run it.
  5. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  6. Click the More Options button below the large panel and check the box:
    • Auto Clean
  7. Click on the Run script button.
  8. Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required).
  9. Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Step 3.
Scan with FRST
  1. Please download FRST ... by Farbar, from the link For 64-bit Systems and save it to your Desktop.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens click Yes to the disclaimer.
  4. Check the boxes labeled List BCD and Drivers MD5 under Optional Scan.
  5. Press the Scan button. ... When finished, a log file FRST.txt will be created.
  6. The first time the tool is run, it will create another log... Addition.txt.
  7. Please post the content of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the zoek-results.log file
  4. Contents of the FRST.txt file
  5. Contents of the Addition.txt file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid -OTL RunFixReply

Unread postby goalie79 » March 24th, 2015, 7:37 am

All processes killed
========== FILES ==========
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z moved successfully.
C:\Users\Dawn\Desktop\032215_malware_Issue\Old Firefox Data\0f00p9he.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Dawn\Desktop\032215_malware_Issue\Old Firefox Data\0f00p9he.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Dawn\Desktop\032215_malware_Issue\Old Firefox Data\0f00p9he.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Dawn\Desktop\032215_malware_Issue\Old Firefox Data\0f00p9he.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Dawn\Desktop\032215_malware_Issue\Old Firefox Data\0f00p9he.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Dawn\Desktop\032215_malware_Issue\Old Firefox Data\0f00p9he.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Dawn\Desktop\032215_malware_Issue\Old Firefox Data\0f00p9he.default\extensions\toolbar@ask.com folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\\DllName not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Dawn
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Dawn
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Dawn
->Temp folder emptied: 293826 bytes
->Temporary Internet Files folder emptied: 1030324 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22491326 bytes
->Google Chrome cache emptied: 119980598 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9724 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 137.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03242015_072652

Files\Folders moved on Reboot...
C:\Users\Dawn\AppData\Local\Temp\acrord32_sbx\Z@R187.tmp moved successfully.
C:\Users\Dawn\AppData\Local\Temp\acrord32_sbx\Z@R206.tmp moved successfully.
C:\Users\Dawn\AppData\Local\Temp\acrord32_sbx\Z@R256.tmp moved successfully.
C:\Users\Dawn\AppData\Local\Temp\acrord32_sbx\Z@R323.tmp moved successfully.
C:\Users\Dawn\AppData\Local\Temp\acrord32_sbx\Z@R344.tmp moved successfully.
C:\Users\Dawn\AppData\Local\Temp\acrord32_sbx\Z@R3D.tmp moved successfully.
C:\Users\Dawn\AppData\Local\Temp\acrord32_sbx\Z@RF7D3.tmp moved successfully.
C:\Users\Dawn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Redirecting to iLivid -Challenges with ZOEK

Unread postby goalie79 » March 24th, 2015, 7:47 am

Several redirects, then received a Windows popup window "Not a valid Win32 application". Clicked OK but nothing happened. I'm deleting and redownloading the ZOEK app to try again.

Re: Redirecting to iLivid-ZOEK Results

Unread postby goalie79 » March 24th, 2015, 8:33 am

- Step 1- disabled Avast AntiVirus
- Suggestion - in the This Topic page, suggest for this step the user disable until next reboot.
- First time I attempted to execute step 4, I received a "Not a Valid Win32 App". Clicked OK - nothing happened for a long time.
- I deleted the zoek.exe file and re-executed step 2-4, then it ran correctly as administrator.
- rebooted as requested, and obtained the following ZOEK-results
- Avast re-enabled
-------------

Zoek.exe v5.0.0.0 Updated 23-March-2015
Tool run by Dawn on Tue 03/24/2015 at 7:48:57.69.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dawn\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

3/24/2015 7:50:04 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Dawn\AppData\Roaming\AdobeUM deleted successfully
C:\Users\Dawn\AppData\Roaming\rmi deleted successfully
C:\Users\Dawn\AppData\Local\Garmin deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\ESET Activation Helper (Noderator) deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779\extensions\firefox@ghostery.com.xpi deleted
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779
user_pref("browser.startup.homepage", "http://www.loudoun.k12.va.us/mses");
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03/18/2015 06:48 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

ProfilePath: C:\Users\Dawn\AppData\Roaming\Thunderbird\Profiles\m8jd8663.default
- Google Search for Thunderbird - %ProfilePath%\extensions\gsearch@standard8.plus.com
- Extra Folder Columns - %ProfilePath%\extensions\extra-cols@jminta_gmail.com.xpi
- NoGlass - %ProfilePath%\extensions\noglass@paenglab.ch.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 41.0.2272.101 (Latest Stable version: 41.0.2272.101)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/18/2015 06:47 AM]

Avast Online Security - Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Java for Web Pages - Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpomcmpdonjdffeabllcklpbnfdknnko
Chrome Hotword Shared Module - Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Ghostery - Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij

==== Chromium Startpages ======================

C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.loudoun.k12.va.us/mses",
"startup_urls": [ "http://www.google.com" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.loudoun.k12.va.us/mses"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.loudoun.k12.va.us/mses"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0E11A243-082B-4A31-8BC3-CEDD8C6231E0} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=12 folders=14 9598550 bytes)

==== Empty Temp Folders ======================

C:\Users\Dawn\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Dawn\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 03/24/2015 at 8:27:21.45 ======================

Re: Redirecting to iLivid-FRST64 results

Unread postby goalie79 » March 24th, 2015, 8:42 am

- Step 1 - Closed browser after download.
- all steps ran without incident
- no browser redirects when posting this time
- Following is the FRST Log file
----------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Dawn (administrator) on DAWNDESKTOP on 24-03-2015 08:35:48
Running from C:\Users\Dawn\Desktop
Loaded Profiles: Dawn (Available profiles: Dawn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel) C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel) C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel) C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Intel Scheduler2 Service] => C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe [404384 2013-03-11] (Intel)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-02-26] (Logitech Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2011-04-01] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DataMigrationSoftwareMonitor.exe] => C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe [3209184 2013-03-11] (Intel)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-961907201-2733856658-2972413326-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-961907201-2733856658-2972413326-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-961907201-2733856658-2972413326-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-961907201-2733856658-2972413326-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-961907201-2733856658-2972413326-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.loudoun.k12.va.us/mses
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-961907201-2733856658-2972413326-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-18] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-18] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Toolbar: HKU\S-1-5-21-961907201-2733856658-2972413326-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/nirvana/controls/pcmatic.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.loudoun.k12.va.us/mses
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.loudoun.k12.va.us/mses
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (No Name) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Ebates Cash Back Button) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-01-04]
CHR Extension: (Google Search) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (Avast Online Security) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-22]
CHR Extension: (Java for Web Pages) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpomcmpdonjdffeabllcklpbnfdknnko [2015-03-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Ghostery) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-03-15]
CHR Extension: (No Name) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Gmail) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-18] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-18] (Avast Software)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 IntSch2Svc; C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe [1127944 2013-03-11] (Intel)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-18] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-18] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-18] (Avast Software)
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 08:35 - 2015-03-24 08:36 - 00031619 _____ () C:\Users\Dawn\Desktop\FRST.txt
2015-03-24 08:35 - 2015-03-24 08:35 - 00000000 ____D () C:\FRST
2015-03-24 08:09 - 2015-03-24 07:48 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-24 07:49 - 2015-03-24 08:27 - 00006611 _____ () C:\zoek-results.log
2015-03-24 07:48 - 2015-03-24 08:04 - 00000000 ____D () C:\zoek_backup
2015-03-24 07:48 - 2015-03-24 07:48 - 01305600 _____ () C:\Users\Dawn\Desktop\zoek.exe
2015-03-24 07:22 - 2015-03-24 07:22 - 02095616 _____ (Farbar) C:\Users\Dawn\Desktop\FRST64.exe
2015-03-23 08:13 - 2015-03-23 08:35 - 00015326 _____ () C:\Users\Dawn\Desktop\SystemLook.txt
2015-03-23 07:47 - 2015-03-23 07:47 - 00000000 ____D () C:\_OTL
2015-03-23 07:41 - 2015-03-23 07:41 - 00165376 _____ () C:\Users\Dawn\Desktop\SystemLook_x64.exe
2015-03-23 07:39 - 2015-03-23 07:39 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Dawn\Desktop\tdsskiller.exe
2015-03-22 16:16 - 2015-03-22 16:13 - 00000765 _____ () C:\Users\Dawn\Downloads\2014 - Shortcut.lnk
2015-03-22 16:16 - 2015-03-22 16:12 - 00000765 _____ () C:\Users\Dawn\Downloads\2015 - Shortcut.lnk
2015-03-22 16:13 - 2015-03-22 16:13 - 00000765 _____ () C:\Users\Dawn\Documents\2014 - Shortcut.lnk
2015-03-22 16:12 - 2015-03-22 16:12 - 00000765 _____ () C:\Users\Dawn\Documents\2015 - Shortcut.lnk
2015-03-22 12:10 - 2015-03-22 12:11 - 00602112 _____ (OldTimer Tools) C:\Users\Dawn\Desktop\OTL.exe
2015-03-22 11:11 - 2015-03-24 08:34 - 00000000 ____D () C:\Users\Dawn\Desktop\032215_malware_Issue
2015-03-21 21:24 - 2015-03-21 21:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 13:12 - 2009-07-13 21:15 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Difx2fa8.rra
2015-03-18 06:48 - 2015-03-18 06:48 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-18 06:47 - 2015-03-18 06:47 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-15 15:26 - 2015-03-15 15:26 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-03-15 15:24 - 2015-03-15 15:24 - 00000000 ____D () C:\Users\Dawn\AppData\Local\Logitech
2015-03-15 15:20 - 2015-03-15 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-15 15:17 - 2015-03-15 15:23 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-03-15 15:15 - 2015-03-15 15:15 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Logitech
2015-03-15 15:15 - 2015-03-15 15:15 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Logishrd
2015-03-14 17:18 - 2015-03-14 17:18 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-14 17:15 - 2015-03-14 17:15 - 00000197 _____ () C:\Windows\system32\2015-03-14-21-15-41.062-AvastVBoxSVC.exe-3068.log
2015-03-14 17:03 - 2015-03-22 14:05 - 00000000 ____D () C:\AdwCleaner
2015-03-10 16:50 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 16:50 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 16:50 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 16:50 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 16:50 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 16:50 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 16:50 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 16:50 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 16:50 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 16:50 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 16:50 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 16:50 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 16:50 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 16:50 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 16:50 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 16:50 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 16:50 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 16:50 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 16:50 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 16:50 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 16:50 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 16:50 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 16:50 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 16:50 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 16:50 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 16:50 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 16:50 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 16:50 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 16:50 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 16:50 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 16:49 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 16:49 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 16:49 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 16:49 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 16:49 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 16:49 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 16:49 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 16:49 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 16:49 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 16:49 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 16:49 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 16:49 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 16:49 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 16:49 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 16:49 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 16:49 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 16:49 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 16:49 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 16:49 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 16:49 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 16:49 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 16:49 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 16:49 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 16:49 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 16:49 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 16:49 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 16:49 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 16:49 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 16:49 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 16:49 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 16:48 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 16:48 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 16:48 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 16:48 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 16:47 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 16:47 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 16:47 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 16:47 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 16:47 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 16:47 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 16:47 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 16:47 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 16:47 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 16:47 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 16:47 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 16:47 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 16:47 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 16:47 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 16:47 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 16:47 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 16:47 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 16:47 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 16:47 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 16:47 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 16:47 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 16:47 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 16:47 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 16:47 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 16:47 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 16:47 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 16:47 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 16:47 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 16:47 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 16:47 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 16:47 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 16:47 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 16:47 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 16:47 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 16:47 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 16:47 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 16:47 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 16:47 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 16:47 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 16:47 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 16:47 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 16:47 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 16:47 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 16:47 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 16:47 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 16:47 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 16:47 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 16:47 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 16:47 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 16:47 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 16:47 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 16:47 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 16:47 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 16:47 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 16:47 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 16:47 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 16:47 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 16:47 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 16:47 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 16:47 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 16:47 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 16:47 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 16:47 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 16:47 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 16:47 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 16:47 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 16:47 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 16:47 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 16:47 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 16:47 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 16:47 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 16:47 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 16:47 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 16:47 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 16:47 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 16:47 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 16:47 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 16:47 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 16:47 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 16:47 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 16:47 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 16:47 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 16:47 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 16:47 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 16:46 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 16:46 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-07 15:20 - 2015-03-07 15:20 - 00000197 _____ () C:\Windows\system32\2015-03-07-19-20-22.020-AvastVBoxSVC.exe-2872.log
2015-03-07 15:11 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-07 15:11 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-07 14:37 - 2015-03-07 14:37 - 00000197 _____ () C:\Windows\system32\2015-03-07-18-37-28.098-AvastVBoxSVC.exe-2848.log
2015-03-07 14:29 - 2015-03-07 14:29 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Oracle
2015-03-07 14:16 - 2015-03-07 14:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-07 14:16 - 2015-03-07 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-07 14:16 - 2015-03-07 14:16 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-06 16:16 - 2015-03-06 16:16 - 00000247 _____ () C:\Windows\system32\2015-03-06-20-16-39.063-aswFe.exe-6112.log
2015-03-06 16:11 - 2015-03-06 16:16 - 00000247 _____ () C:\Windows\system32\2015-03-06-20-11-08.014-aswFe.exe-4256.log
2015-03-06 16:11 - 2015-03-06 16:11 - 00000197 _____ () C:\Windows\system32\2015-03-06-20-11-03.047-AvastVBoxSVC.exe-5720.log
2015-03-03 18:42 - 2015-03-03 18:42 - 00000000 ____D () C:\ProgramData\Sun
2015-03-03 18:40 - 2015-03-03 18:40 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-25 17:35 - 2015-02-25 17:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-25 17:03 - 2015-02-26 01:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-22 15:38 - 2015-02-22 15:38 - 00000197 _____ () C:\Windows\system32\2015-02-22-19-38-07.085-AvastVBoxSVC.exe-2052.log
2015-02-22 13:58 - 2015-03-22 16:13 - 00000000 ____D () C:\Users\Dawn\Documents\My eBooks
2015-02-22 05:48 - 2015-02-22 05:48 - 00000247 _____ () C:\Windows\system32\2015-02-22-09-48-16.032-aswFe.exe-968.log
2015-02-22 05:40 - 2015-02-22 05:48 - 00000247 _____ () C:\Windows\system32\2015-02-22-09-40-23.004-aswFe.exe-4744.log
2015-02-22 05:40 - 2015-02-22 05:40 - 00000197 _____ () C:\Windows\system32\2015-02-22-09-40-18.004-AvastVBoxSVC.exe-5900.log
2015-02-22 05:27 - 2015-02-22 05:28 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-22 05:27 - 2015-02-22 05:28 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-22 05:15 - 2015-02-22 05:15 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-22 05:15 - 2015-02-22 05:15 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\AVAST Software
2015-02-22 05:15 - 2015-02-22 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-22 05:14 - 2015-03-18 06:48 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-22 05:13 - 2015-03-18 06:48 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-02-22 05:13 - 2015-03-18 06:48 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-22 05:13 - 2015-03-18 06:48 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-02-22 05:13 - 2015-03-18 06:48 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-22 05:13 - 2015-03-18 06:48 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-02-22 05:13 - 2015-03-18 06:48 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-22 05:13 - 2015-03-18 06:48 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-22 05:13 - 2015-03-18 06:47 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-02-22 05:10 - 2015-02-22 05:10 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-22 05:08 - 2015-02-22 05:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-22 05:01 - 2015-03-20 15:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-22 05:01 - 2015-02-22 05:01 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-22 05:01 - 2015-02-22 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-22 05:00 - 2015-02-22 05:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-22 05:00 - 2015-02-22 05:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-22 05:00 - 2014-11-21 07:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-22 05:00 - 2014-11-21 07:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-22 05:00 - 2014-11-21 07:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-22 04:52 - 2015-02-22 04:52 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-22 04:52 - 2015-02-22 04:52 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-22 04:52 - 2015-02-22 04:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-22 04:52 - 2015-02-22 04:52 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-22 03:36 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-02-22 03:36 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 08:34 - 2015-01-03 19:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-24 08:28 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-24 08:28 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-24 08:27 - 2014-04-05 08:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 08:26 - 2014-04-05 08:11 - 01190329 ____N () C:\Windows\WindowsUpdate.log
2015-03-24 08:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 07:55 - 2014-04-05 08:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 16:16 - 2014-04-06 20:14 - 00115712 ___SH () C:\Users\Dawn\Documents\Thumbs.db
2015-03-22 14:06 - 2014-04-05 08:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 13:57 - 2014-04-05 09:04 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-20 16:57 - 2014-04-05 08:25 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 13:59 - 2014-04-05 20:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-20 13:10 - 2014-04-11 07:43 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-03-20 13:08 - 2014-04-12 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderfix-Parhelia Tools
2015-03-20 03:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-19 21:47 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 21:41 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-19 21:37 - 2009-07-14 00:45 - 00411744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-19 21:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-19 21:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-15 15:44 - 2009-09-11 19:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-15 15:44 - 2009-07-13 22:34 - 00000503 _____ () C:\Windows\win.ini
2015-03-14 17:19 - 2014-04-05 08:46 - 00000000 ____D () C:\Users\Dawn\AppData\Local\Adobe
2015-03-14 17:18 - 2015-01-03 19:38 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-14 17:18 - 2015-01-03 19:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-14 17:18 - 2015-01-03 19:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-07 15:10 - 2014-04-06 00:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-07 14:58 - 2014-04-06 00:32 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 14:14 - 2014-04-05 18:18 - 00000426 _____ () C:\Windows\BRWMARK.INI
2015-03-03 19:10 - 2014-04-05 08:46 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Adobe
2015-02-25 17:09 - 2014-04-16 21:15 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Apple Computer
2015-02-24 04:17 - 2014-04-05 08:25 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 15:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\TAPI
2015-02-22 04:58 - 2009-08-03 14:58 - 00000000 ____D () C:\Windows\Panther

==================== Files in the root of some directories =======

2014-04-05 08:49 - 2014-04-06 01:19 - 0007607 _____ () C:\Users\Dawn\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {9f45a1cb-bcdb-11e3-a4aa-fb5b7bfd3abc}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 20

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {9f45a1cb-bcdb-11e3-a4aa-fb5b7bfd3abc}
nx OptIn

Resume from Hibernate
---------------------
identifier {9f45a1cb-bcdb-11e3-a4aa-fb5b7bfd3abc}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}



LastRegBack: 2015-03-15 00:37

==================== End Of Log ============================
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid-FRST Addition Log

Unread postby goalie79 » March 24th, 2015, 8:44 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Dawn at 2015-03-24 08:36:37
Running from C:\Users\Dawn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat 6.0 Professional (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9325CW (HKLM-x32\...\{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}) (Version: 2.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Data Migration Software (HKLM-x32\...\{06F7C876-844A-49C0-A595-9844B2B8CDE9}Visible) (Version: 15.0.15056 - Intel)
Intel® Data Migration Software (x32 Version: 15.0.15056 - Intel) Hidden
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.3.400 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.177 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SyncToy 2.1 (x86) (HKLM-x32\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

07-03-2015 01:00:01 Scheduled Checkpoint
13-03-2015 15:32:40 Windows Update
14-03-2015 16:45:30 Removed Canon Cover Sheet Editor
15-03-2015 15:16:23 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
15-03-2015 15:26:38 Windows Update
18-03-2015 06:45:09 avast! antivirus system restore point
18-03-2015 17:27:05 Windows Update
20-03-2015 13:08:09 Removed Windows 7 USB/DVD Download Tool
20-03-2015 13:09:51 Removed InstallShield Restore Point
20-03-2015 13:12:25 Removed JMicron JMB36X Driver
22-03-2015 00:47:08 Windows Update
24-03-2015 07:49:46 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {194E0E2E-1FA6-4B1B-8FD6-108C212DFD48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-14] (Adobe Systems Incorporated)
Task: {19F4F660-2D75-4AF5-80D5-716FE877995C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {479CDD4E-D441-400F-BB43-DAA6C3EC6401} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {56ED59A3-43DB-4BBB-8490-B0114B6F8B55} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C5DEDA6-FFE3-4162-9AF6-334BE8C6D21F} - System32\Tasks\{0BC25713-C8C5-436C-B799-C62552FA455B} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe" -c -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Task: {CF151AFC-528F-4B66-B4C1-C431C1B2ABF0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {E94D768B-363C-4CF9-9D40-DD8E6B63343E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-18] (Avast Software s.r.o.)
Task: {F7638356-48AE-4B7D-956D-93A46380D8EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {FD1E3985-6D36-4484-80EC-9DA6B33DBE35} - System32\Tasks\{47FA2D70-0952-4F88-B144-D65BA6EF9086} => C:\Program Files (x86)\Canon\MF Toolbox Ver4.7\MFTBOX.EXE
Task: {FE30AC91-46B6-40AD-A861-AE6D3D0C526E} - System32\Tasks\{97709E22-2C4E-4F31-A1DC-8E919906F0F0} => C:\Program Files (x86)\Canon\MF Toolbox Ver4.7\MFTBOX.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-18 03:23 - 2014-09-18 03:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-02-26 14:39 - 2015-02-26 14:39 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 03:23 - 2014-09-18 03:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-02-26 14:39 - 2015-02-26 14:39 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-04-05 20:07 - 2011-04-01 11:26 - 01163264 ____R () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2014-04-05 20:07 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2015-03-18 06:47 - 2015-03-18 06:47 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-18 06:47 - 2015-03-18 06:47 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-24 04:49 - 2015-03-24 04:49 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032400\algo.dll
2014-04-05 20:07 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-03-11 15:52 - 2013-03-11 15:52 - 01526080 _____ () C:\Program Files (x86)\Common Files\Intel\Home\icudt38.dll
2015-03-18 06:47 - 2015-03-18 06:47 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-18 06:47 - 2015-03-18 06:47 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-18 06:47 - 2015-03-18 06:47 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-961907201-2733856658-2972413326-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-961907201-2733856658-2972413326-500 - Administrator - Disabled)
Dawn (S-1-5-21-961907201-2733856658-2972413326-1001 - Administrator - Enabled) => C:\Users\Dawn
Guest (S-1-5-21-961907201-2733856658-2972413326-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-961907201-2733856658-2972413326-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2015 07:47:57 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted.

Error: (03/23/2015 07:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lsass.exe, version: 6.1.7601.18779, time stamp: 0x54f92b60
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000020a7a
Faulting process id: 0x290
Faulting application start time: 0xlsass.exe0
Faulting application path: lsass.exe1
Faulting module path: lsass.exe2
Report Id: lsass.exe3

Error: (03/23/2015 03:00:02 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


System errors:
=============
Error: (03/24/2015 08:04:28 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/24/2015 08:04:27 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/24/2015 08:04:27 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/24/2015 08:04:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/24/2015 08:04:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/23/2015 07:54:14 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (03/23/2015 07:54:12 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (03/23/2015 07:54:01 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (03/23/2015 07:49:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:48:33 AM on ‎3/‎23/‎2015 was unexpected.

Error: (03/23/2015 07:48:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (03/23/2015 07:47:57 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\Windows\system32\lsass.exe255

Error: (03/23/2015 07:47:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: lsass.exe6.1.7601.1877954f92b60ntdll.dll6.1.7601.18247521eaf24c00000050000000000020a7a29001d064caf4d4d3d2C:\Windows\system32\lsass.exeC:\Windows\SYSTEM32\ntdll.dll708fbeef-d152-11e4-9c38-c89cdc7b1747

Error: (03/23/2015 03:00:02 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 33%
Total physical RAM: 4029.22 MB
Available physical RAM: 2661.96 MB
Total Pagefile: 8056.63 MB
Available Pagefile: 6669.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:72.28 GB) NTFS
Drive e: (Data) (Fixed) (Total:232.88 GB) (Free:131.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 6A244DF3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: E2AAE1B2)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites-symptoms persis

Unread postby goalie79 » March 24th, 2015, 5:07 pm

fyi - still seeing redirects prior to awaiting your reply.
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Unread postby pgmigg » March 24th, 2015, 11:43 pm

Hello goalie79,

I don't recommend that you use hxxp://www.loudoun.k12.va.us/mses as the home page for your browsers - try setting them to plain Google.com

Step 1.
  1. Click Start
  2. Type notepad.exe in the search programs and files box and click Enter.
  3. A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKU\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.loudoun.k12.va.us/mses
    Toolbar: HKU\S-1-5-21-961907201-2733856658-2972413326-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/nirvana/controls/pcmatic.cab 
    FF ProfilePath: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779
    FF Homepage: hxxp://www.loudoun.k12.va.us/mses 
    CHR HomePage: Default -> hxxp://www.loudoun.k12.va.us/mses
    CHR Extension: (No Name) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
    CHR Extension: (Ebates Cash Back Button) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-01-04]
    CHR Extension: (No Name) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  4. Save it next to FRST64.exe on your Desktop as filename fixlist.txt

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system!
  5. NOTE: It's important that both files, FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  6. Right-click FRST64.exe and select "Run as administrator..." to run it.
  7. Press the Fix button just once. Then wait.
  8. When finished, it will create a Fixlog.txt log on your Desktop.
  9. Please post the content of the Fixlog.txt in your next reply.

Please post each log separately to prevent it from being cut off by the forum post size limiter.
Check each log after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid-Home Page is curious...

Unread postby goalie79 » March 25th, 2015, 12:04 am

- Interesting comment- that was never to be HXXP....wonder if that was part of what happened here and pages were redirected..??? I just verified the home page location (local school system in this area) to be: "http://www.loudoun.k12.va.us/mses"
- Should I change that in the repair notepad script wherever I see it?

Great catch!
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid-Fixlog.txt

Unread postby goalie79 » March 25th, 2015, 12:16 am

- redirects occurred about 4 times after reboot before I could successfully get this log posted.
- redirect occurred when I initially went to viewtopic.php?f=11&t=63597&start=15 and several times thereafter until I got to the posting, then occurred when:
a - clicked 2 on the page count for the posting
b - went to multiple (but new) redirects..

------
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Dawn at 2015-03-25 00:07:33 Run:1
Running from C:\Users\Dawn\Desktop
Loaded Profiles: Dawn (Available profiles: Dawn)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.loudoun.k12.va.us/mses
Toolbar: HKU\S-1-5-21-961907201-2733856658-2972413326-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/nirvana/controls/pcmatic.cab
FF ProfilePath: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779
FF Homepage: http://www.loudoun.k12.va.us/mses
CHR HomePage: Default -> http://www.loudoun.k12.va.us/mses
CHR Extension: (No Name) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Ebates Cash Back Button) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-01-04]
CHR Extension: (No Name) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKU\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => Key deleted successfully.
FF ProfilePath: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779 => Should not be moved.
Firefox homepage deleted successfully.
Chrome HomePage deleted successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi => Moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 149.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 00:07:46 ====
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Unread postby goalie79 » March 25th, 2015, 7:22 am

When checking for a response I first received a redirect to here:
- https://binaryprofessional.com/PorterFi ... rl_id=4312
- then here:
http://www.undervaluedquarterly.com/stv ... kid=115528
- before I could get back to here to post this.
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Unread postby pgmigg » March 25th, 2015, 10:58 am

Hello goalie79,

"Interesting comment- that was never to be HXXP....wonder if that was part of what happened here and pages were redirected..???"
Of course, this is not a real web address - when there are doubts about the safety of a link, the standard prefix 'http' is changed to 'hxxp', and it will not work properly if somebody clicks on it even by mistake...

"Should I change that in the repair notepad script wherever I see it?"
No.

By the way, while I analyze your recent logs, please tell me: is this computer used for business purposes and connected to a business or educational network?
I need to know this so I can provide the proper instructions.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
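
The 'http' to 'hxxp' substitution described in the reply above, sketched in Python as an added example that is not part of the original thread or of any tool used in it. The function names are hypothetical, and the sample lines are copied from the fixlist shown earlier in this thread.

```python
import re
from urllib.parse import urlsplit

# Match only the scheme, and only when it is directly followed by "://",
# so ordinary words containing "http" are left alone.
_LIVE_SCHEME = re.compile(r"\bh(tt)p(s?)(?=://)", re.IGNORECASE)
_SAFE_SCHEME = re.compile(r"\bh(xx)p(s?)(?=://)", re.IGNORECASE)


def _swap_middle(match, lower_pair):
    """Replace the two middle letters of the scheme, keeping their case."""
    scheme = match.group(0)
    pair = lower_pair.upper() if scheme[1:3].isupper() else lower_pair
    return scheme[0] + pair + scheme[3:]


def defang(text):
    """Rewrite http:// and https:// as hxxp:// and hxxps:// everywhere in text."""
    return _LIVE_SCHEME.sub(lambda m: _swap_middle(m, "xx"), text)


def refang(text):
    """Inverse of defang(), for an analyst who needs the original address."""
    return _SAFE_SCHEME.sub(lambda m: _swap_middle(m, "tt"), text)


def is_live_link(url):
    """True if a URL parser sees a scheme that browsers will open."""
    return urlsplit(url).scheme.lower() in {"http", "https"}


def defanged_lines(text):
    """Return (line number, line) for every line that carries a defanged URL."""
    return [
        (number, line)
        for number, line in enumerate(text.splitlines(), start=1)
        if _SAFE_SCHEME.search(line)
    ]


# Sample input: three lines copied from the fixlist posted in this thread.
SAMPLE = (
    "FF Homepage: hxxp://www.loudoun.k12.va.us/mses\n"
    "CHR HomePage: Default -> hxxp://www.loudoun.k12.va.us/mses\n"
    "CMD: ipconfig /flushdns\n"
)

if __name__ == "__main__":
    original = "http://www.loudoun.k12.va.us/mses"
    safe = defang(original)
    print(safe, "live link?", is_live_link(safe))
    print(refang(safe), "live link?", is_live_link(refang(safe)))
    for number, line in defanged_lines(SAMPLE):
        print("defanged URL on line", number, "->", line)
```

Because a URL parser reports the scheme of the rewritten address as `hxxp`, nothing that opens web links will treat it as one, which is why the address is inert when clicked.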