Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware/Virus suspected

Post by maranatha-lord » June 28th, 2015, 12:21 pm

Hi,

My laptop has become very slow almost to the point where I cannot use it. I had to log in safe mode to run the DDS log and post this.

Here is the log:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16644 BrowserJavaVersion: 11.25.2
Run by User 1 at 17:13:27 on 2015-06-28
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.2037.708 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus 2015 *Disabled/Outdated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2015 *Disabled/Outdated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: avast! Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2015\avgscanx.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: {256db8bc-7da7-4248-97cd-44e07216b7f1} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CBD30D2F-3C5D-48C5-8E0D-99352B30B487} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-5-7 191968]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-5-7 166880]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-3-20 35808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-5-4 213984]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-6-28 119512]
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-12-24 49904]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-12-24 209048]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-5-7 290272]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-12-24 787760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-12-24 427992]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-3-11 132576]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-4-27 226784]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-5-14 29664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-4-15 206816]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-12-24 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-12-24 74976]
S2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-12-24 343336]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2015-5-18 3438544]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2015-5-18 311792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-5 47640]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-6-28 1871160]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-6-28 1080120]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-1-2 315488]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2015-4-22 220752]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2015-4-22 3207800]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-6-28 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-6-28 51928]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 375120]
.
=============== Created Last 30 ================
.
2015-06-28 16:09:54 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-28 16:09:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-28 16:09:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-28 16:09:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-28 16:09:14 -------- d-----w- c:\programdata\Malwarebytes
2015-06-28 16:09:14 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-06-08 12:22:04 -------- d-----w- c:\programdata\Avg_Update_0215pit
2015-06-08 12:06:37 -------- d-----w- c:\users\user 1\appdata\roaming\AVG2015
2015-06-08 12:04:27 -------- d-----w- c:\users\user 1\appdata\roaming\TuneUp Software
2015-06-08 12:03:09 -------- d--h--w- C:\$AVG
2015-06-08 12:03:09 -------- d-----w- c:\programdata\AVG2015
2015-06-08 12:01:47 -------- d-----w- c:\program files\AVG
2015-06-08 11:57:27 -------- d--h--w- c:\programdata\Common Files
2015-06-08 11:57:27 -------- d-----w- c:\users\user 1\appdata\local\MFAData
2015-06-08 11:57:27 -------- d-----w- c:\users\user 1\appdata\local\Avg2015
2015-06-08 11:57:27 -------- d-----w- c:\programdata\MFAData
2015-06-07 19:31:44 279040 ----a-w- c:\windows\system32\schannel.dll
2015-06-07 19:30:07 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-06-07 19:30:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-07 19:30:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-07 19:30:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-07 19:30:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-07 19:30:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-06-07 19:30:06 801792 ----a-w- c:\windows\system32\FntCache.dll
2015-06-07 19:30:06 2065408 ----a-w- c:\windows\system32\win32k.sys
2015-06-07 19:30:06 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-06-07 19:30:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-06-07 19:28:20 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-07 19:27:38 939008 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2015-06-07 19:27:37 985088 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2015-06-07 19:27:37 967168 ----a-w- c:\program files\windows journal\JNWDRV.dll
2015-06-07 19:27:37 1850880 ----a-w- c:\program files\windows journal\Journal.exe
2015-06-07 19:27:37 1219584 ----a-w- c:\program files\windows journal\NBDoc.DLL
2015-06-07 19:25:12 279552 ----a-w- c:\windows\system32\services.exe
2015-06-07 17:30:47 9265072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bf85e026-cee7-4b97-bb4b-1a692fa7c18b}\mpengine.dll
.
==================== Find3M ====================
.
2015-05-14 12:49:12 29664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2015-05-07 12:52:08 290272 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-05-07 12:52:06 191968 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-05-04 13:15:06 213984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-04-27 12:19:26 226784 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-04-22 12:12:22 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-22 12:12:22 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-22 12:12:22 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-22 12:12:22 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-22 12:12:10 43112 ----a-w- c:\windows\avastSS.scr
2015-04-22 12:11:58 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-15 12:05:06 206816 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-04-14 01:35:06 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 01:35:06 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-04-10 15:25:46 367616 ----a-w- c:\windows\system32\html.iec
2015-04-10 15:25:45 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-04-10 15:20:33 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-04-10 15:20:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-04-10 15:19:31 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-04-10 15:19:16 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-04-10 15:18:44 11776 ----a-w- c:\windows\system32\mshta.exe
2015-04-10 15:18:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:18:18.93 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 05/08/2010 17:42:13
System Uptime: 28/06/2015 17:02:42 (0 hours ago)
.
Motherboard: Dell Inc. | | 0NX906
Processor: Intel(R) Core(TM)2 Duo CPU T5270 @ 1.40GHz | Microprocessor | 1396/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 78 GiB total, 38.035 GiB free.
D: is FIXED (NTFS) - 155 GiB total, 138.236 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Reader 9.5.5
Avast Free Antivirus
AVG 2015
Dell Resource CD
Epson Easy Photo Print 2
Epson Event Manager
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX210 Series Printer Uninstall
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Java 8 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 2.1.6.1022
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice 4.1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Security Update for Microsoft .NET Framework 4.5.1 (KB3048077)
Shared C Run-time for x86
Skype Click to Call
Skype™ 7.1
Sonic Activation Module
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual Studio 2012 x86 Redistributables
.
==== End Of File ===========================
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

Post by pgmigg » June 28th, 2015, 10:27 pm

Hello maranatha-lord,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware/Virus suspected

Post by pgmigg » June 28th, 2015, 11:52 pm

Hello maranatha-lord,

WARNING!
Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    AV: avast! Antivirus
    AV: AVG AntiVirus 2015
  2. Running - more than one - antivirus program is not recommended because:
    1. They can conflict with each other.
    2. Report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
    4. Can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall one of them. Which one is your decision, but if you asked me, I would recommend you to uninstall AVG AntiVirus 2015.
  4. Please let me know which AV you decided to keep in the next reply

Then:
Please tell me: is this computer used for business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please include in your next reply:
  1. Your decision about AV which you would like to keep
  2. Answer to my question about how your computer is used

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
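
The multiple-antivirus check described in the post above can be run mechanically over the AV/SP/FW header lines of a DDS log. This is an added example, not part of the original thread and not code from DDS; the function names and the wording of the findings are assumptions, and the sample input is the six header lines copied from the log in the first post.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Header lines copied from the DDS log posted at the top of this thread.
SAMPLE_DDS_HEADER = r"""AV: avast! Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus 2015 *Disabled/Outdated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2015 *Disabled/Outdated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: avast! Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
"""

# kind: AV (antivirus), SP (antispyware), FW (firewall).
# FW lines carry only Enabled/Disabled; AV and SP lines also carry the
# definition status after a slash.
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) "
    r"\*(?P<state>Enabled|Disabled)(?:/(?P<defs>Updated|Outdated))?\* "
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)


@dataclass(frozen=True)
class SecurityProduct:
    kind: str
    name: str
    enabled: bool
    definitions: Optional[str]  # "Updated", "Outdated", or None for FW lines
    guid: str


def parse_security_products(log_text: str) -> List[SecurityProduct]:
    """Extract every AV/SP/FW line from a DDS log; other lines are ignored."""
    products = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            products.append(SecurityProduct(
                kind=m["kind"],
                name=m["name"],
                enabled=m["state"] == "Enabled",
                definitions=m["defs"],
                guid=m["guid"].upper(),
            ))
    return products


def review(products: List[SecurityProduct]) -> List[str]:
    """Return plain-text findings (hypothetical wording) for a helper to act on."""
    by_kind = defaultdict(list)
    for p in products:
        by_kind[p.kind].append(p)

    findings = []
    av_names = sorted({p.name for p in by_kind["AV"]}, key=str.lower)
    if len(av_names) > 1:
        findings.append("multiple antivirus products registered: " + ", ".join(av_names))
    for p in by_kind["AV"]:
        if p.definitions == "Outdated":
            state = "enabled" if p.enabled else "disabled"
            findings.append(f"{p.name}: definitions outdated ({state})")
    if not any(p.enabled and p.definitions == "Updated" for p in by_kind["AV"]):
        findings.append("no antivirus is both enabled and up to date")
    if by_kind["FW"] and not any(p.enabled for p in by_kind["FW"]):
        findings.append("all listed firewall products are disabled")
    return findings


if __name__ == "__main__":
    for finding in review(parse_security_products(SAMPLE_DDS_HEADER)):
        print("-", finding)
```

The log in this thread was taken in Safe Mode, so the Enabled/Disabled states it reports may differ from a normal boot; the duplicate-product finding does not depend on them.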

Re: Malware/Virus suspected

Post by maranatha-lord » June 29th, 2015, 3:36 am

A) uninstalled AVG

B) No, this computer is not used for business purposes nor is it connected to a business/education network.
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

Post by pgmigg » June 29th, 2015, 4:27 pm

Hello maranatha-lord,

"uninstalled AVG"
Good choice! :D
"No, this computer is not used for business purposes nor is it connected to a business/education network."
Thank you!

Actually, at first glance, I don't see any serious malware on your computer; however, let's check it first. Then I plan to check some technical parameters of your machine...

Step 1.
Create a System Restore Point
Because we are going to be making changes to your computer, it is advisable to create a new System Restore Point.
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point, we can proceed.
If you have NOT successfully created a System Restore Point, do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Java 8 Update 25
    Java Auto Updater
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot (restart) your computer.

Step 3.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button. The AdwCleaner may reboot your computer - please allow it...
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 4.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 5.
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator...".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click OK if changes were made.
  7. Click Start scan and allow it to scan for Malicious objects.
    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    DO NOT change the default actions, other than CURE to SKIP.
  8. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  9. A log will be created on your root drive (usually C:) drive. The log will have a name like Name.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  10. If no reboot is required, click on Report. A log file should appear.
  11. Please post the contents of the log file in your next reply

Step 6.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Sn].txt log file
  3. Contents of the JRT.txt log file
  4. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  5. Contents of a OTL.txt log file
  6. Contents of a Extras.txt log file
  7. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware/Virus suspected

Post by maranatha-lord » June 29th, 2015, 6:41 pm

Firstly ... after the adwcleaner was run things seem to be a lot better now :-)

Here are the logs:

# AdwCleaner v4.207 - Logfile created 29/06/2015 at 22:59:36
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.1 [Local]
# Operating system : Windows Vista (TM) Business Service Pack 2 (x86)
# Username : User 1 - GREVILLE-DELL-P
# Running from : D:\Data\Greville\Downloads\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\User 1\AppData\Local\Conduit
Folder Found : C:\Users\User 1\AppData\LocalLow\Conduit
Folder Found : C:\Users\User 1\AppData\Roaming\Systweak

***** [ Scheduled tasks ] *****

Task Found : LaunchApp
Task Found : RegClean Pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
Key Found : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
Key Found : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
Key Found : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
Key Found : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
Key Found : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
Key Found : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
Key Found : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
Key Found : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
Key Found : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
Key Found : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
Key Found : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
Key Found : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
Key Found : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
Key Found : HKLM\SOFTWARE\Classes\SmileyCentral_1vInstaller.Start
Key Found : HKLM\SOFTWARE\Classes\SmileyCentral_1vInstaller.Start.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16659


-\\ Google Chrome v43.0.2357.124

[C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106574
[C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=053E8413-DCDC-4790-BF48-83D4433A6267&apn_sauid=98E3F03E-D2E6-4931-9801-8CF05584F2E9

*************************

AdwCleaner[R0].txt - [5763 bytes] - [29/06/2015 22:59:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5822 bytes] ##########
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

Post by maranatha-lord » June 29th, 2015, 6:42 pm

# AdwCleaner v4.207 - Logfile created 29/06/2015 at 23:10:08
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.1 [Local]
# Operating system : Windows Vista (TM) Business Service Pack 2 (x86)
# Username : User 1 - GREVILLE-DELL-P
# Running from : D:\Data\Greville\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Users\User 1\AppData\Local\Conduit
Folder Deleted : C:\Users\User 1\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\User 1\AppData\Roaming\Systweak

***** [ Scheduled tasks ] *****

Task Deleted : LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\SmileyCentral_1vInstaller.Start
Key Deleted : HKLM\SOFTWARE\Classes\SmileyCentral_1vInstaller.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16659


-\\ Google Chrome v43.0.2357.124

[C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106574
[C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=053E8413-DCDC-4790-BF48-83D4433A6267&apn_sauid=98E3F03E-D2E6-4931-9801-8CF05584F2E9

*************************

AdwCleaner[R0].txt - [5901 bytes] - [29/06/2015 22:59:36]
AdwCleaner[S0].txt - [5905 bytes] - [29/06/2015 23:10:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5964 bytes] ##########

Re: Malware/Virus suspected

Post by maranatha-lord » June 29th, 2015, 6:43 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.1 (06.28.2015:2)
OS: Windows Vista (TM) Business x86
Ran by User 1 on 29/06/2015 at 23:19:10.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{256DB8BC-7DA7-4248-97CD-44E07216B7F1}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8BB173FE-3535-44A0-913B-BC56A72C8CC9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\User 1\AppData\Roaming\tuneup software



~~~ Chrome


[C:\Users\User 1\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\User 1\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\User 1\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\User 1\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/06/2015 at 23:23:03.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Malware/Virus suspected

Post by maranatha-lord » June 29th, 2015, 6:48 pm

23:25:54.0350 0x0b0c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:25:58.0381 0x0b0c ============================================================
23:25:58.0381 0x0b0c Current date / time: 2015/06/29 23:25:58.0381
23:25:58.0381 0x0b0c SystemInfo:
23:25:58.0381 0x0b0c
23:25:58.0381 0x0b0c OS Version: 6.0.6002 ServicePack: 2.0
23:25:58.0381 0x0b0c Product type: Workstation
23:25:58.0381 0x0b0c ComputerName: GREVILLE-DELL-P
23:25:58.0381 0x0b0c UserName: User 1
23:25:58.0381 0x0b0c Windows directory: C:\Windows
23:25:58.0381 0x0b0c System windows directory: C:\Windows
23:25:58.0381 0x0b0c Processor architecture: Intel x86
23:25:58.0381 0x0b0c Number of processors: 1
23:25:58.0381 0x0b0c Page size: 0x1000
23:25:58.0381 0x0b0c Boot type: Normal boot
23:25:58.0381 0x0b0c ============================================================
23:26:00.0343 0x0b0c KLMD registered as C:\Windows\system32\drivers\58627292.sys
23:26:00.0475 0x0b0c System UUID: {18620DA4-462A-3A31-6754-46AB7D2F291E}
23:26:01.0372 0x0b0c Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:26:01.0372 0x0b0c ============================================================
23:26:01.0372 0x0b0c \Device\Harddisk0\DR0:
23:26:01.0372 0x0b0c MBR partitions:
23:26:01.0372 0x0b0c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9C40000
23:26:01.0372 0x0b0c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C40800, BlocksNum 0x13584800
23:26:01.0372 0x0b0c ============================================================
23:26:01.0387 0x0b0c C: <-> \Device\Harddisk0\DR0\Partition1
23:26:01.0450 0x0b0c D: <-> \Device\Harddisk0\DR0\Partition2
23:26:01.0450 0x0b0c ============================================================
23:26:01.0450 0x0b0c Initialize success
23:26:01.0450 0x0b0c ============================================================
23:26:20.0631 0x0820 ============================================================
23:26:20.0636 0x0820 Scan started
23:26:20.0636 0x0820 Mode: Manual;
23:26:20.0636 0x0820 ============================================================
23:26:20.0636 0x0820 KSN ping started
23:26:34.0172 0x0820 KSN ping finished: true
23:26:34.0842 0x0820 ================ Scan system memory ========================
23:26:34.0842 0x0820 System memory - ok
23:26:34.0852 0x0820 ================ Scan services =============================
23:26:42.0255 0x0820 gpsvc - ok
23:26:42.0340 0x0820 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:26:42.0345 0x0820 gupdate - ok
23:26:42.0360 0x0820 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:26:42.0365 0x0820 gupdatem - ok
23:26:42.0431 0x0820 [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:26:42.0447 0x0820 HdAudAddService - ok
23:26:42.0494 0x0820 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:26:42.0525 0x0820 HDAudBus - ok
23:26:42.0556 0x0820 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:26:42.0556 0x0820 HidBth - ok
23:26:42.0587 0x0820 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
23:26:42.0587 0x0820 HidIr - ok
23:26:42.0619 0x0820 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\system32\hidserv.dll
23:26:42.0619 0x0820 hidserv - ok
23:26:42.0650 0x0820 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:26:42.0650 0x0820 HidUsb - ok
23:26:42.0697 0x0820 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
23:26:42.0697 0x0820 hkmsvc - ok
23:26:42.0743 0x0820 [ 7EBEC5EB56B90ED65A8BBD91464E5CFB, 1CBDF532EFFFD564F79A45B2204BF02D9E6AC390796928DBE6DE9AF73E20C4B3 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:26:42.0743 0x0820 HpCISSs - ok
23:26:42.0790 0x0820 [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:26:42.0790 0x0820 HSFHWAZL - ok
23:26:42.0884 0x0820 [ EC36F1D542ED4252390D446BF6D4DFD0, DB55D73726E96D3653C37EEBE628D48466D766A9EC1219ED735D5D8FF2822BE2 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:26:42.0931 0x0820 HSF_DPV - ok
23:26:43.0009 0x0820 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:26:43.0024 0x0820 HTTP - ok
23:26:43.0060 0x0820 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:26:43.0060 0x0820 i2omp - ok
23:26:43.0127 0x0820 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:26:43.0127 0x0820 i8042prt - ok
23:26:43.0153 0x0820 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:26:43.0168 0x0820 iaStorV - ok
23:26:43.0260 0x0820 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:26:43.0275 0x0820 IDriverT - ok
23:26:43.0363 0x0820 [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:26:43.0403 0x0820 idsvc - ok
23:26:43.0748 0x0820 [ 9467514EA189475A6E7FDC5D7BDE9D3F, E6F5B99BF6B614832770F9310B06334A8174C7660DDEC7589433640527A14683 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
23:26:44.0032 0x0820 igfx - ok
23:26:44.0138 0x0820 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:26:44.0138 0x0820 iirsp - ok
23:26:44.0230 0x0820 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
23:26:44.0246 0x0820 IKEEXT - ok
23:26:44.0292 0x0820 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
23:26:44.0307 0x0820 intelide - ok
23:26:44.0323 0x0820 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:26:44.0323 0x0820 intelppm - ok
23:26:44.0359 0x0820 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:26:44.0374 0x0820 IPBusEnum - ok
23:26:44.0425 0x0820 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:26:44.0425 0x0820 IpFilterDriver - ok
23:26:44.0472 0x0820 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:26:44.0472 0x0820 iphlpsvc - ok
23:26:44.0488 0x0820 IpInIp - ok
23:26:44.0519 0x0820 [ 4B9C0F4D4A3ACC535F9771039ECD6365, C150DB53288BFC30B9CE8C061A5FF3AFCB4D6FFCB76CB4E6966191BB7B2E99EE ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:26:44.0535 0x0820 IPMIDRV - ok
23:26:44.0581 0x0820 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:26:44.0581 0x0820 IPNAT - ok
23:26:44.0613 0x0820 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:26:44.0613 0x0820 IRENUM - ok
23:26:44.0644 0x0820 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:26:44.0644 0x0820 isapnp - ok
23:26:44.0691 0x0820 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:26:44.0706 0x0820 iScsiPrt - ok
23:26:44.0722 0x0820 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:26:44.0722 0x0820 iteatapi - ok
23:26:44.0753 0x0820 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:26:44.0753 0x0820 iteraid - ok
23:26:44.0784 0x0820 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:26:44.0784 0x0820 kbdclass - ok
23:26:44.0815 0x0820 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:26:44.0831 0x0820 kbdhid - ok
23:26:44.0878 0x0820 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
23:26:44.0878 0x0820 KeyIso - ok
23:26:44.0956 0x0820 [ 5035EDF1F2E72F78BB1EC5BD9B97463F, 8AFAD580A96F002FFB22761B65D4B414917895C45B11B53089BB3E0331995EF7 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:26:44.0971 0x0820 KSecDD - ok
23:26:45.0049 0x0820 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:26:45.0065 0x0820 KtmRm - ok
23:26:45.0127 0x0820 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\system32\srvsvc.dll
23:26:45.0143 0x0820 LanmanServer - ok
23:26:45.0190 0x0820 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:26:45.0205 0x0820 LanmanWorkstation - ok
23:26:45.0252 0x0820 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:26:45.0252 0x0820 lltdio - ok
23:26:45.0299 0x0820 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:26:45.0299 0x0820 lltdsvc - ok
23:26:45.0330 0x0820 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:26:45.0330 0x0820 lmhosts - ok
23:26:45.0481 0x0820 [ 2DBE437F190686B191A44E9688EA1AD5, 7E9545F21C334C035465EC81DCFE18D56B227692A24E5D2D6858CD98291EAF1A ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
23:26:45.0518 0x0820 LMIGuardianSvc - ok
23:26:45.0533 0x0820 LMIInfo - ok
23:26:45.0580 0x0820 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
23:26:45.0580 0x0820 lmimirr - ok
23:26:45.0596 0x0820 LMIRfsClientNP - ok
23:26:45.0627 0x0820 [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
23:26:45.0627 0x0820 LMIRfsDriver - ok
23:26:45.0658 0x0820 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:26:45.0674 0x0820 LSI_FC - ok
23:26:45.0720 0x0820 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:26:45.0736 0x0820 LSI_SAS - ok
23:26:45.0752 0x0820 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:26:45.0767 0x0820 LSI_SCSI - ok
23:26:45.0783 0x0820 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
23:26:45.0783 0x0820 luafv - ok
23:26:45.0845 0x0820 [ 39603EEF8E6A55FC951600AF796FCB26, AD72A3D85B866AA30BF62F710B51A0445D91875F662DD49AEB75B8DB0F0E0DC0 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:26:45.0845 0x0820 MBAMProtector - ok
23:26:45.0954 0x0820 [ 09AF7E9CCD7888493EE7AA20F9F5B46A, 14D8F7584513F43384BB80DE170F09F7C0D9A6DFD7250BC33A07BBC2290A5474 ] MBAMScheduler C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
23:26:46.0048 0x0820 MBAMScheduler - ok
23:26:46.0187 0x0820 [ 0CA0A394693FB627E107F279E30B830B, 7094A22865F694EAE00E15D0E1C1A0799028667F7AF91264C125104063DC4822 ] MBAMService C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
23:26:46.0275 0x0820 MBAMService - ok
23:26:46.0320 0x0820 [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:26:46.0325 0x0820 MBAMSwissArmy - ok
23:26:46.0350 0x0820 [ 5CC135D7BC671237F2FD6996172D1BCD, 162A9EA9DFD5B5C7CEB1723EA2252615817A93F4703B2C58850D3B9E68D8EEA5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
23:26:46.0355 0x0820 MBAMWebAccessControl - ok
23:26:46.0406 0x0820 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
23:26:46.0422 0x0820 megasas - ok
23:26:46.0443 0x0820 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
23:26:46.0478 0x0820 MegaSR - ok
23:26:46.0524 0x0820 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
23:26:46.0539 0x0820 MMCSS - ok
23:26:46.0555 0x0820 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
23:26:46.0560 0x0820 Modem - ok
23:26:46.0585 0x0820 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:26:46.0616 0x0820 monitor - ok
23:26:46.0632 0x0820 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:26:46.0632 0x0820 mouclass - ok
23:26:46.0663 0x0820 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:26:46.0663 0x0820 mouhid - ok
23:26:46.0683 0x0820 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:26:46.0688 0x0820 MountMgr - ok
23:26:46.0760 0x0820 [ 5DA347912FD3AF24D7BFB3DE519D4BD0, 4115406BAD580D9B4BF9589711D76B61CF516959E467BFA4456CE78017F89FCB ] mpio C:\Windows\system32\drivers\mpio.sys
23:26:46.0765 0x0820 mpio - ok
23:26:46.0785 0x0820 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:26:46.0790 0x0820 mpsdrv - ok
23:26:46.0842 0x0820 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:26:46.0873 0x0820 MpsSvc - ok
23:26:46.0924 0x0820 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:26:46.0924 0x0820 Mraid35x - ok
23:26:46.0955 0x0820 [ B0584CA7DEF55929FDB5169BD28B2484, AF6A7E404FEB29F7F3428D0AF6682195E5E8ED106996A04E6947DBD575696546 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:26:46.0960 0x0820 MRxDAV - ok
23:26:47.0016 0x0820 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:26:47.0032 0x0820 mrxsmb - ok
23:26:47.0068 0x0820 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:26:47.0073 0x0820 mrxsmb10 - ok
23:26:47.0093 0x0820 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:26:47.0103 0x0820 mrxsmb20 - ok
23:26:47.0138 0x0820 [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci C:\Windows\system32\drivers\msahci.sys
23:26:47.0138 0x0820 msahci - ok
23:26:47.0178 0x0820 [ 2C563AEF15B8D0014C36C5F27742AC7B, 378BA92A1C7E3B0DEBD7B4C28EDF9E5461313D66985B40EFB075DD6169936494 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:26:47.0183 0x0820 msdsm - ok
23:26:47.0240 0x0820 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
23:26:47.0240 0x0820 MSDTC - ok
23:26:47.0307 0x0820 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:26:47.0307 0x0820 Msfs - ok
23:26:47.0322 0x0820 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:26:47.0322 0x0820 msisadrv - ok
23:26:47.0359 0x0820 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:26:47.0374 0x0820 MSiSCSI - ok
23:26:47.0399 0x0820 msiserver - ok
23:26:47.0446 0x0820 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:26:47.0446 0x0820 MSKSSRV - ok
23:26:47.0467 0x0820 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:26:47.0467 0x0820 MSPCLOCK - ok
23:26:47.0508 0x0820 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:26:47.0508 0x0820 MSPQM - ok
23:26:47.0539 0x0820 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:26:47.0555 0x0820 MsRPC - ok
23:26:47.0586 0x0820 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:26:47.0586 0x0820 mssmbios - ok
23:26:47.0617 0x0820 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:26:47.0617 0x0820 MSTEE - ok
23:26:47.0633 0x0820 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
23:26:47.0648 0x0820 Mup - ok
23:26:47.0695 0x0820 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
23:26:47.0711 0x0820 napagent - ok
23:26:47.0757 0x0820 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:26:47.0773 0x0820 NativeWifiP - ok
23:26:47.0820 0x0820 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:26:47.0851 0x0820 NDIS - ok
23:26:47.0867 0x0820 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:26:47.0867 0x0820 NdisTapi - ok
23:26:47.0913 0x0820 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:26:47.0913 0x0820 Ndisuio - ok
23:26:47.0945 0x0820 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:26:47.0945 0x0820 NdisWan - ok
23:26:47.0976 0x0820 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:26:47.0976 0x0820 NDProxy - ok
23:26:47.0991 0x0820 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:26:48.0007 0x0820 NetBIOS - ok
23:26:48.0038 0x0820 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:26:48.0038 0x0820 netbt - ok
23:26:48.0054 0x0820 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
23:26:48.0069 0x0820 Netlogon - ok
23:26:48.0116 0x0820 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
23:26:48.0132 0x0820 Netman - ok
23:26:48.0194 0x0820 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:26:48.0210 0x0820 NetMsmqActivator - ok
23:26:48.0225 0x0820 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:26:48.0241 0x0820 NetPipeActivator - ok
23:26:48.0272 0x0820 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
23:26:48.0288 0x0820 netprofm - ok
23:26:48.0319 0x0820 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:26:48.0319 0x0820 NetTcpActivator - ok
23:26:48.0350 0x0820 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:26:48.0350 0x0820 NetTcpPortSharing - ok
23:26:48.0534 0x0820 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7, EE044FB7A49336FEDA1BDBBD2AD7A4A163C780A6A464B7712688E0BA0B4E6C40 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
23:26:48.0656 0x0820 NETw3v32 - ok
23:26:48.0921 0x0820 [ 6522DD40A5F67CED020BD81B856613FB, 2242703412FA89B2D6E9A7025D0C14DFC0BFC66890D295BDA839274C313B4BAF ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
23:26:49.0015 0x0820 NETw4v32 - ok
23:26:49.0077 0x0820 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:26:49.0077 0x0820 nfrd960 - ok
23:26:49.0124 0x0820 [ C96411DD46AABC0D6F3CF06D0E0E7E14, 0D36F322AF1B923D96735BFFCAC3FDB0B282E59220BADAB8B49AC178A6765380 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:26:49.0140 0x0820 NlaSvc - ok
23:26:49.0155 0x0820 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:26:49.0171 0x0820 Npfs - ok
23:26:49.0218 0x0820 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
23:26:49.0218 0x0820 nsi - ok
23:26:49.0270 0x0820 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:26:49.0270 0x0820 nsiproxy - ok
23:26:49.0417 0x0820 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:26:49.0472 0x0820 Ntfs - ok
23:26:49.0497 0x0820 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:26:49.0497 0x0820 ntrigdigi - ok
23:26:49.0567 0x0820 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
23:26:49.0567 0x0820 Null - ok
23:26:49.0629 0x0820 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:26:49.0629 0x0820 nvraid - ok
23:26:49.0649 0x0820 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:26:49.0649 0x0820 nvstor - ok
23:26:49.0674 0x0820 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:26:49.0684 0x0820 nv_agp - ok
23:26:49.0721 0x0820 NwlnkFlt - ok
23:26:49.0736 0x0820 NwlnkFwd - ok
23:26:49.0751 0x0820 [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
23:26:49.0751 0x0820 ohci1394 - ok
23:26:49.0859 0x0820 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:26:49.0884 0x0820 p2pimsvc - ok
23:26:49.0934 0x0820 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
23:26:49.0964 0x0820 p2psvc - ok
23:26:50.0041 0x0820 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
23:26:50.0041 0x0820 Parport - ok
23:26:50.0062 0x0820 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:26:50.0062 0x0820 partmgr - ok
23:26:50.0077 0x0820 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:26:50.0092 0x0820 Parvdm - ok
23:26:50.0139 0x0820 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
23:26:50.0139 0x0820 PcaSvc - ok
23:26:50.0164 0x0820 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
23:26:50.0174 0x0820 pci - ok
23:26:50.0226 0x0820 [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide C:\Windows\system32\drivers\pciide.sys
23:26:50.0226 0x0820 pciide - ok
23:26:50.0246 0x0820 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:26:50.0256 0x0820 pcmcia - ok
23:26:50.0339 0x0820 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:26:50.0369 0x0820 PEAUTH - ok
23:26:50.0565 0x0820 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
23:26:50.0632 0x0820 pla - ok
23:26:50.0689 0x0820 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:26:50.0705 0x0820 PlugPlay - ok
23:26:50.0767 0x0820 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:26:50.0798 0x0820 PNRPAutoReg - ok
23:26:50.0845 0x0820 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:26:50.0861 0x0820 PNRPsvc - ok
23:26:50.0939 0x0820 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:26:50.0970 0x0820 PolicyAgent - ok
23:26:51.0048 0x0820 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:26:51.0063 0x0820 PptpMiniport - ok
23:26:51.0095 0x0820 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys
23:26:51.0110 0x0820 Processor - ok
23:26:51.0157 0x0820 [ 0D5DAD610D7EA1627581ED06FB2BAA9A, 6E27CF3A1624AE10EECB8B5F38E03D76A6AABE4E75DD66DEDD67E0773935A396 ] ProfSvc C:\Windows\system32\profsvc.dll
23:26:51.0157 0x0820 ProfSvc - ok
23:26:51.0188 0x0820 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
23:26:51.0188 0x0820 ProtectedStorage - ok
23:26:51.0219 0x0820 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys

Re: Malware/Virus suspected

by maranatha-lord » June 29th, 2015, 6:48 pm

23:27:07.0229 0x0820 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x42000 ( disabled : updated )
23:27:07.0229 0x0820 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x40010 ( disabled )
23:27:07.0245 0x0820 Win FW state via NFP2: enabled
23:27:09.0738 0x0820 ============================================================
23:27:09.0738 0x0820 Scan finished
23:27:09.0738 0x0820 ============================================================
23:27:09.0738 0x0cec Detected object count: 0
23:27:09.0738 0x0cec Actual detected object count: 0
23:27:34.0911 0x0e14 ============================================================
23:27:34.0911 0x0e14 Scan started
23:27:34.0911 0x0e14 Mode: Manual; SigCheck;
23:27:34.0911 0x0e14 ============================================================
23:27:34.0911 0x0e14 KSN ping started
23:27:48.0454 0x0e14 KSN ping finished: true
23:27:49.0098 0x0e14 ================ Scan system memory ========================
23:27:49.0098 0x0e14 System memory - ok
23:27:49.0103 0x0e14 ================ Scan services =============================
23:27:49.0256 0x0e14 [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI C:\Windows\system32\drivers\acpi.sys
23:27:49.0422 0x0e14 ACPI - ok
23:27:49.0472 0x0e14 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:27:49.0539 0x0e14 adp94xx - ok
23:27:49.0570 0x0e14 [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:27:49.0617 0x0e14 adpahci - ok
23:27:49.0632 0x0e14 [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:27:49.0664 0x0e14 adpu160m - ok
23:27:49.0695 0x0e14 [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:27:49.0726 0x0e14 adpu320 - ok
23:27:49.0757 0x0e14 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:27:49.0835 0x0e14 AeLookupSvc - ok
23:27:49.0898 0x0e14 [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD C:\Windows\system32\drivers\afd.sys
23:27:49.0960 0x0e14 AFD - ok
23:27:49.0991 0x0e14 [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:27:50.0022 0x0e14 agp440 - ok
23:27:50.0054 0x0e14 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:27:50.0069 0x0e14 aic78xx - ok
23:27:50.0100 0x0e14 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
23:27:50.0178 0x0e14 ALG - ok
23:27:50.0194 0x0e14 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide C:\Windows\system32\drivers\aliide.sys
23:27:50.0210 0x0e14 aliide - ok
23:27:50.0256 0x0e14 [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:27:50.0272 0x0e14 amdagp - ok
23:27:50.0303 0x0e14 [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide C:\Windows\system32\drivers\amdide.sys
23:27:50.0334 0x0e14 amdide - ok
23:27:50.0350 0x0e14 [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
23:27:50.0412 0x0e14 AmdK7 - ok
23:27:50.0459 0x0e14 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:27:50.0515 0x0e14 AmdK8 - ok
23:27:50.0545 0x0e14 [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo C:\Windows\System32\appinfo.dll
23:27:50.0585 0x0e14 Appinfo - ok
23:27:50.0637 0x0e14 [ 0FE769CAE5855B53C90E23F85E7E89FF, 7163E364D33EDABCFC1E1B586D28FA906F34A764BF4B3031DF020043EAE0D3BF ] AppMgmt C:\Windows\System32\appmgmts.dll
23:27:50.0683 0x0e14 AppMgmt - ok
23:27:50.0730 0x0e14 [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc C:\Windows\system32\drivers\arc.sys
23:27:50.0761 0x0e14 arc - ok
23:27:50.0793 0x0e14 [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:27:50.0808 0x0e14 arcsas - ok
23:27:51.0245 0x0e14 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:27:51.0276 0x0e14 aspnet_state - ok
23:27:51.0322 0x0e14 [ EFDEF61C488A193986D4672658E91532, B2E97542F7C608937005A2ABFA10F7FD8F3E8F1AB3FBE621772E41048BBDDDBE ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
23:27:51.0354 0x0e14 aswHwid - ok
23:27:51.0399 0x0e14 [ 91AAF4792987B43C0653D74516F092C8, DFFB5D0BA6537E2B6A45292B8A2B566F848D54A2FB54017711236E2D3BCBEBBE ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
23:27:51.0430 0x0e14 aswMonFlt - ok
23:27:51.0446 0x0e14 [ 8FE9BB175E9C789FED4CB6CEFEC4EE18, 2DB5AEFD32E4E204E30581F1F4B16B80DB44BDD88F3BAC263279B0EB80612447 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
23:27:51.0467 0x0e14 aswRdr - ok
23:27:51.0523 0x0e14 [ 2DB91CE80C367ACDD1331DE9B1E3EAEF, 7AF35FBA1DB6A44928A6DF554E9428C3E21191B376756718832FCD66F9F9D07C ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
23:27:51.0554 0x0e14 aswRvrt - ok
23:27:51.0604 0x0e14 [ 83DF5B3DE1C6527972946CDB328446F7, F4CA80903EE6FCB7E5A7B0E989692B6B5177CE03D3BFFE6A93D53C8B364EE833 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
23:27:51.0664 0x0e14 aswSnx - ok
23:27:51.0741 0x0e14 [ 16D269F0EF94DB61FAB6934DEED19C91, EAFCE70C0816EAEA6BB8F41A935AE5EDE389C6832FBD45413893DFC5458E5D3D ] aswSP C:\Windows\system32\drivers\aswSP.sys
23:27:51.0771 0x0e14 aswSP - ok
23:27:51.0823 0x0e14 [ 9064B31FA781B925136DD68C17C0B1B4, 2CC4755E19151342ED4900201925AC1DFF90EF78AA97994C70D8E789F097B623 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
23:27:51.0869 0x0e14 aswTdi - ok
23:27:51.0946 0x0e14 [ D45875D018F9FB9BF19B976AD8791DE9, 9AA70417A9AAFF5515C6B1FFADD563FBDC0BC62AA0B9FDA8A771E67203C12270 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
23:27:51.0977 0x0e14 aswVmm - ok
23:27:52.0023 0x0e14 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:27:52.0101 0x0e14 AsyncMac - ok
23:27:52.0127 0x0e14 [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys
23:27:52.0152 0x0e14 atapi - ok
23:27:52.0222 0x0e14 [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:27:52.0278 0x0e14 AudioEndpointBuilder - ok
23:27:52.0303 0x0e14 [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:27:52.0358 0x0e14 Audiosrv - ok
23:27:52.0537 0x0e14 [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:27:52.0558 0x0e14 avast! Antivirus - ok
23:27:52.0801 0x0e14 [ E5CA07C1A5A4C7095FC8937D84B37243, A881B253767305ED181DB0A270C3D6CFC5FA2293F1BB050793289DD86B1C20BB ] AvastVBoxSvc C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
23:27:53.0004 0x0e14 AvastVBoxSvc - ok
23:27:53.0066 0x0e14 [ 08015D34F6FDD0B355805BAD978497C3, AAD5F919215B8630DCCADF2AC8DC82BAA543C52B1682B476093E014532B20EBD ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
23:27:53.0160 0x0e14 bcm4sbxp - ok
23:27:53.0207 0x0e14 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
23:27:53.0253 0x0e14 Beep - ok
23:27:53.0300 0x0e14 [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE C:\Windows\System32\bfe.dll
23:27:53.0363 0x0e14 BFE - ok
23:27:53.0441 0x0e14 [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS C:\Windows\System32\qmgr.dll
23:27:53.0575 0x0e14 BITS - ok
23:27:53.0625 0x0e14 [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
23:27:53.0685 0x0e14 blbdrive - ok
23:27:53.0737 0x0e14 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:27:53.0784 0x0e14 bowser - ok
23:27:53.0800 0x0e14 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
23:27:53.0862 0x0e14 BrFiltLo - ok
23:27:53.0893 0x0e14 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
23:27:53.0940 0x0e14 BrFiltUp - ok
23:27:53.0971 0x0e14 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
23:27:54.0049 0x0e14 Browser - ok
23:27:54.0080 0x0e14 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
23:27:54.0174 0x0e14 Brserid - ok
23:27:54.0205 0x0e14 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
23:27:54.0299 0x0e14 BrSerWdm - ok
23:27:54.0330 0x0e14 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
23:27:54.0424 0x0e14 BrUsbMdm - ok
23:27:54.0449 0x0e14 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
23:27:54.0556 0x0e14 BrUsbSer - ok
23:27:54.0576 0x0e14 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:27:54.0651 0x0e14 BTHMODEM - ok
23:27:54.0707 0x0e14 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:27:54.0754 0x0e14 cdfs - ok
23:27:54.0775 0x0e14 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:27:54.0825 0x0e14 cdrom - ok
23:27:54.0865 0x0e14 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
23:27:54.0936 0x0e14 CertPropSvc - ok
23:27:54.0952 0x0e14 [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass C:\Windows\system32\drivers\circlass.sys
23:27:54.0997 0x0e14 circlass - ok
23:27:55.0054 0x0e14 [ 5D9311526801643000D7032A83B18B12, C5A98868A41446617B3A27C6C4AAFA4E7C093E253E8C1DD5DBFE6FAE21991209 ] CLFS C:\Windows\system32\CLFS.sys
23:27:55.0079 0x0e14 CLFS - ok
23:27:55.0161 0x0e14 [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:27:55.0176 0x0e14 clr_optimization_v2.0.50727_32 - ok
23:27:55.0238 0x0e14 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:27:55.0269 0x0e14 clr_optimization_v4.0.30319_32 - ok
23:27:55.0284 0x0e14 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:27:55.0352 0x0e14 CmBatt - ok
23:27:55.0372 0x0e14 [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:27:55.0392 0x0e14 cmdide - ok
23:27:55.0428 0x0e14 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:27:55.0460 0x0e14 Compbatt - ok
23:27:55.0465 0x0e14 COMSysApp - ok
23:27:55.0485 0x0e14 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:27:55.0505 0x0e14 crcdisk - ok
23:27:55.0556 0x0e14 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
23:27:55.0623 0x0e14 Crusoe - ok
23:27:55.0659 0x0e14 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:27:55.0715 0x0e14 CryptSvc - ok
23:27:55.0762 0x0e14 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C, 95E3AA76DAF3F9EDE1AAE9B85C779F2716097266F492E0A8D361C6ED9A9AC8CC ] CSC C:\Windows\system32\drivers\csc.sys
23:27:55.0840 0x0e14 CSC - ok
23:27:55.0918 0x0e14 [ 0A2095F92F6AE4FE6484D911B0C21E95, 52E2E08107FEBD6B46E1C71B39ECA8AB1A0ECF18CA248D9172F831B6FAB99139 ] CscService C:\Windows\System32\cscsvc.dll
23:27:55.0980 0x0e14 CscService - ok
23:27:56.0043 0x0e14 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:27:56.0152 0x0e14 DcomLaunch - ok
23:27:56.0199 0x0e14 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:27:56.0245 0x0e14 DfsC - ok
23:27:56.0386 0x0e14 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
23:27:56.0635 0x0e14 DFSR - ok
23:27:56.0677 0x0e14 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
23:27:56.0737 0x0e14 Dhcp - ok
23:27:56.0767 0x0e14 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
23:27:56.0792 0x0e14 disk - ok
23:27:56.0853 0x0e14 [ A53723176D0002FEB486EFF8E17812F2, DE528F84C750082D43113FA2BEEE4A873CB68BEE742B45034C434E6910716606 ] DLABMFSM C:\Windows\system32\DLA\DLABMFSM.SYS
23:27:56.0869 0x0e14 DLABMFSM - ok
23:27:56.0900 0x0e14 [ D4587063ACEA776699251E177D719586, 902D46EF1AF2BFB389CE6853C640CDBF084AD3B78C34BCE93B695A03357F9537 ] DLABOIOM C:\Windows\system32\DLA\DLABOIOM.SYS
23:27:56.0916 0x0e14 DLABOIOM - ok
23:27:56.0931 0x0e14 [ 5230CDB7E715F3A3B4A882E254CDD35D, 0D6A88DE30A75FAD5FF535468DF56A33E4695C619BFDD7E142AC4516A7878E52 ] DLACDBHM C:\Windows\system32\Drivers\DLACDBHM.SYS
23:27:56.0947 0x0e14 DLACDBHM - ok
23:27:56.0978 0x0e14 [ C950C2E7B9ED1A4FC4A2AC7EC044F1D6, B41A3F5FE203B188E99628AC93C2BC4E7B4188BA99D5177E10EE75503453A4B5 ] DLADResM C:\Windows\system32\DLA\DLADResM.SYS
23:27:56.0994 0x0e14 DLADResM - ok
23:27:57.0025 0x0e14 [ 24400137E387A24410C52A591F3CFB4D, 2E9CD1D9E217238E9A38C49B64A91DE2DEEA10867BCBDFA561C3834DB3FB1F51 ] DLAIFS_M C:\Windows\system32\DLA\DLAIFS_M.SYS
23:27:57.0041 0x0e14 DLAIFS_M - ok
23:27:57.0072 0x0e14 [ 29A303FECEB28641ECEBDAE89EB71C63, 42ABC45AC54F2F6F52D16BC8C84C86CDB0D68D371C4EDF3DA59E4426575F9374 ] DLAOPIOM C:\Windows\system32\DLA\DLAOPIOM.SYS
23:27:57.0087 0x0e14 DLAOPIOM - ok
23:27:57.0103 0x0e14 [ C93E33A22A1AE0C5508F3FB1F6D0A50C, D37B5A80A7A5DF28790178C1F173CAF223BB4CE5BEC6D02E221D4E611978C98D ] DLAPoolM C:\Windows\system32\DLA\DLAPoolM.SYS
23:27:57.0119 0x0e14 DLAPoolM - ok
23:27:57.0134 0x0e14 [ 77FE51F0F8D86804CB81F6EF6BFB86DD, 030F70D5703A95964087C3E9EB1E9BAC1ECE8224FFF3E131A5C1D20215C9BB43 ] DLARTL_M C:\Windows\system32\Drivers\DLARTL_M.SYS
23:27:57.0165 0x0e14 DLARTL_M - ok
23:27:57.0181 0x0e14 [ B953498C35A31E5AC98F49ADBCF3E627, C7F009DA79F64EF8CF1CBF0B3856020C052145C45BF88822E6BF254EE41C5905 ] DLAUDFAM C:\Windows\system32\DLA\DLAUDFAM.SYS
23:27:57.0197 0x0e14 DLAUDFAM - ok
23:27:57.0275 0x0e14 [ 4897704C093C1F59CE58FC65E1E1EF1E, 421DA304A935623DEB3EF331AD907E8629D5DEBF038E2FDE3D4ED4D5E6BEFD50 ] DLAUDF_M C:\Windows\system32\DLA\DLAUDF_M.SYS
23:27:57.0321 0x0e14 DLAUDF_M - ok
23:27:57.0368 0x0e14 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:27:57.0415 0x0e14 Dnscache - ok
23:27:57.0462 0x0e14 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
23:27:57.0492 0x0e14 dot3svc - ok
23:27:57.0559 0x0e14 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
23:27:57.0609 0x0e14 DPS - ok
23:27:57.0644 0x0e14 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:27:57.0679 0x0e14 drmkaud - ok
23:27:57.0715 0x0e14 [ C00440385CF9F3D142917C63F989E244, 5DD3684D3C6DE4E9C82778C4097E9017E1DB0617DDD1D04831263B1E390B2D08 ] DRVMCDB C:\Windows\system32\Drivers\DRVMCDB.SYS
23:27:57.0747 0x0e14 DRVMCDB - ok
23:27:57.0767 0x0e14 [ FFC371525AA55D1BAE18715EBCB8797C, 4894F67772CEB0143B5DAFE10B42D90727E36A58B02F6221E83CE4CFD26E32B6 ] DRVNDDM C:\Windows\system32\Drivers\DRVNDDM.SYS
23:27:57.0777 0x0e14 DRVNDDM - ok
23:27:57.0855 0x0e14 [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:27:57.0901 0x0e14 DXGKrnl - ok
23:27:57.0951 0x0e14 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
23:27:58.0001 0x0e14 E1G60 - ok
23:27:58.0051 0x0e14 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
23:27:58.0106 0x0e14 EapHost - ok
23:27:58.0122 0x0e14 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
23:27:58.0153 0x0e14 Ecache - ok
23:27:58.0194 0x0e14 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:27:58.0234 0x0e14 elxstor - ok
23:27:58.0294 0x0e14 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:27:58.0389 0x0e14 EMDMgmt - ok
23:27:58.0425 0x0e14 [ A81AB23EDDB4693612014D87367D014C, 6AF1B0D3C3A61710A31B11C531E090C363C34A3D7C6365FDFA2B425F03E9EBAB ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:27:58.0531 0x0e14 ErrDev - ok
23:27:58.0591 0x0e14 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
23:27:58.0646 0x0e14 EventSystem - ok
23:27:58.0696 0x0e14 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
23:27:58.0761 0x0e14 exfat - ok
23:27:58.0833 0x0e14 [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:27:58.0864 0x0e14 fastfat - ok
23:27:58.0927 0x0e14 [ DFBA0F60FA301E5B1BFB1403A93EE23E, 727A01AA77BFD6B6FEB394A4C4CCBDB785987A1904F8EED3739A5F6D03C15965 ] Fax C:\Windows\system32\fxssvc.exe
23:27:58.0989 0x0e14 Fax - ok
23:27:59.0005 0x0e14 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:27:59.0067 0x0e14 fdc - ok
23:27:59.0083 0x0e14 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
23:27:59.0161 0x0e14 fdPHost - ok
23:27:59.0176 0x0e14 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
23:27:59.0254 0x0e14 FDResPub - ok
23:27:59.0285 0x0e14 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:27:59.0301 0x0e14 FileInfo - ok
23:27:59.0332 0x0e14 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:27:59.0395 0x0e14 Filetrace - ok
23:27:59.0426 0x0e14 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:27:59.0473 0x0e14 flpydisk - ok
23:27:59.0504 0x0e14 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:27:59.0535 0x0e14 FltMgr - ok
23:27:59.0613 0x0e14 [ 7417E869AE5AAC3026329E7749698110, 14545202D90C23EE6A2ADC5627791A3B43B5EEA6F78F44021C9AE2B5B8A351DD ] FontCache C:\Windows\system32\FntCache.dll
23:27:59.0691 0x0e14 FontCache - ok
23:27:59.0753 0x0e14 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:27:59.0758 0x0e14 FontCache3.0.0.0 - ok
23:27:59.0803 0x0e14 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:27:59.0838 0x0e14 Fs_Rec - ok
23:27:59.0883 0x0e14 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:27:59.0908 0x0e14 gagp30kx - ok
23:27:59.0976 0x0e14 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
23:28:00.0085 0x0e14 gpsvc - ok
23:28:00.0257 0x0e14 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:28:00.0288 0x0e14 gupdate - ok
23:28:00.0319 0x0e14 [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:28:00.0335 0x0e14 gupdatem - ok
23:28:00.0397 0x0e14 [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:28:00.0491 0x0e14 HdAudAddService - ok
23:28:00.0537 0x0e14 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:28:00.0640 0x0e14 HDAudBus - ok
23:28:00.0666 0x0e14 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:28:00.0751 0x0e14 HidBth - ok
23:28:00.0792 0x0e14 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
23:28:00.0885 0x0e14 HidIr - ok
23:28:00.0905 0x0e14 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\system32\hidserv.dll
23:28:00.0930 0x0e14 hidserv - ok
23:28:00.0960 0x0e14 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:28:01.0006 0x0e14 HidUsb - ok
23:28:01.0038 0x0e14 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
23:28:01.0108 0x0e14 hkmsvc - ok
23:28:01.0160 0x0e14 [ 7EBEC5EB56B90ED65A8BBD91464E5CFB, 1CBDF532EFFFD564F79A45B2204BF02D9E6AC390796928DBE6DE9AF73E20C4B3 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:28:01.0180 0x0e14 HpCISSs - ok
23:28:01.0252 0x0e14 [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:28:01.0338 0x0e14 HSFHWAZL - ok
23:28:01.0413 0x0e14 [ EC36F1D542ED4252390D446BF6D4DFD0, DB55D73726E96D3653C37EEBE628D48466D766A9EC1219ED735D5D8FF2822BE2 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:28:01.0558 0x0e14 HSF_DPV - ok
23:28:01.0639 0x0e14 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:28:01.0680 0x0e14 HTTP - ok
23:28:01.0741 0x0e14 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:28:01.0757 0x0e14 i2omp - ok
23:28:01.0777 0x0e14 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:28:01.0817 0x0e14 i8042prt - ok
23:28:01.0858 0x0e14 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:28:01.0915 0x0e14 iaStorV - ok
23:28:01.0993 0x0e14 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:28:02.0008 0x0e14 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
23:28:02.0008 0x0e14 Detect skipped due to KSN trusted
23:28:02.0008 0x0e14 IDriverT - ok
23:28:02.0102 0x0e14 [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:28:02.0195 0x0e14 idsvc - ok
23:28:02.0461 0x0e14 [ 9467514EA189475A6E7FDC5D7BDE9D3F, E6F5B99BF6B614832770F9310B06334A8174C7660DDEC7589433640527A14683 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
23:28:02.0911 0x0e14 igfx - ok
23:28:02.0976 0x0e14 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:28:02.0996 0x0e14 iirsp - ok
23:28:03.0079 0x0e14 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
23:28:03.0157 0x0e14 IKEEXT - ok
23:28:03.0204 0x0e14 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
23:28:03.0235 0x0e14 intelide - ok
23:28:03.0251 0x0e14 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:28:03.0313 0x0e14 intelppm - ok
23:28:03.0344 0x0e14 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:28:03.0422 0x0e14 IPBusEnum - ok
23:28:03.0469 0x0e14 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:28:03.0516 0x0e14 IpFilterDriver - ok
23:28:14.0933 0x0e14 [ FEFFCFDC528764A04C8ED63D5FA6E711, BECC9174DA5860FCF011957CB6A12DE5074A770DC14076C0C94E63AD42ECF19E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:28:14.0964 0x0e14 PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
23:28:14.0964 0x0e14 Detect skipped due to KSN trusted
23:28:14.0964 0x0e14 PxHelp20 - ok
23:28:16.0905 0x0e14 [ EBCDE8B48FADC6479D96A56D0A432160, 2F73D8656A929321D8B651FCFF55DFF5F90489CE9BEB7BB7DC3C7444D9A3C0FD ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
23:28:16.0992 0x0e14 RoxMediaDB9 - detected UnsignedFile.Multi.Generic ( 1 )
23:28:16.0992 0x0e14 Detect skipped due to KSN trusted
23:28:16.0992 0x0e14 RoxMediaDB9 - ok
23:28:17.0060 0x0e14 [ AB2B1DE1C8F31EFCE2384B14B3DC4260, 5E67354010A19726810C172775C39C9A9AD3AAE1EB09CF2C552473D75ABD01BD ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
23:28:17.0085 0x0e14 RoxWatch9 - detected UnsignedFile.Multi.Generic ( 1 )
23:28:17.0085 0x0e14 Detect skipped due to KSN trusted
23:28:17.0085 0x0e14 RoxWatch9 - ok
23:28:21.0294 0x0e14 [ 51778FD315C9882F1CBD932743E62A72, 5127292970ABC2966723CC5535DD547C77AAC132AAA849BCBD90D0F00EDD08C0 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:28:21.0294 0x0e14 stllssvr - detected UnsignedFile.Multi.Generic ( 1 )
23:28:21.0294 0x0e14 Detect skipped due to KSN trusted
23:28:21.0294 0x0e14 stllssvr - ok
23:28:34.0610 0x0e14 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
23:28:34.0625 0x0e14 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x40010 ( disabled )
23:28:34.0625 0x0e14 Win FW state via NFP2: enabled
23:28:37.0160 0x0e14 ============================================================
23:28:37.0160 0x0e14 Scan finished
23:28:37.0160 0x0e14 ============================================================
23:28:37.0175 0x0f44 Detected object count: 0
23:28:37.0175 0x0f44 Actual detected object count: 0
23:36:00.0826 0x0c7c Deinitialize success
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

Post by maranatha-lord » June 29th, 2015, 6:57 pm

OTL logfile created on: 29/06/2015 23:39:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Data\Greville\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.27% Memory free
4.22 Gb Paging File | 3.08 Gb Available in Paging File | 72.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 36.97 Gb Free Space | 47.33% Space Free | Partition Type: NTFS
Drive D: | 154.76 Gb Total Space | 138.23 Gb Free Space | 89.32% Space Free | Partition Type: NTFS

Computer Name: GREVILLE-DELL-P | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/06/29 23:36:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Data\Greville\Desktop\OTL.exe
PRC - [2015/06/05 19:22:15 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2015/05/13 13:39:22 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/04/22 13:12:07 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/04/22 13:10:32 | 003,207,800 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2009/04/11 14:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2015/04/22 13:12:19 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/04/22 13:12:10 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/04/22 13:12:07 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - [2015/04/22 13:12:07 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/04/22 13:10:32 | 003,207,800 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2015/04/14 10:37:42 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/04/14 10:37:40 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/01/02 20:45:12 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/07/29 20:21:19 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2008/01/21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2015/06/29 23:16:44 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2015/06/28 18:18:23 | 000,428,120 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2015/04/22 13:12:22 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/04/22 13:12:22 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/04/22 13:12:22 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2015/04/22 13:12:22 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2015/04/22 13:12:22 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/04/22 13:12:22 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/04/22 13:11:58 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015/04/22 13:10:32 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2015/04/14 10:39:02 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015/04/14 10:38:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/08/06 16:26:31 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/01/21 03:23:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\..\URLSearchHook: {256db8bc-7da7-4248-97cd-44e07216b7f1} - No CLSID value found
IE - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPCK_en
IE - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\..\SearchScopes\{A44D7DFB-7AD6-4C24-B0E4-573CD4A0AF6D}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/05/13 13:38:02 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmphiokjnpmaihbjjkobajiehmblogi\1.5.2_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\18.1.15_0\
CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD30D2F-3C5D-48C5-8E0D-99352B30B487}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015/06/29 23:36:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Data\Greville\Desktop\OTL.exe
[2015/06/29 23:25:11 | 004,197,016 | ---- | C] (Kaspersky Lab ZAO) -- D:\Data\Greville\Desktop\tdsskiller.exe
[2015/06/29 23:19:13 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015/06/29 23:17:36 | 002,950,645 | ---- | C] (Malwarebytes Corporation) -- D:\Data\Greville\Desktop\JRT.exe
[2015/06/29 22:59:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/06/28 21:52:12 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/06/28 21:49:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2015/06/28 21:49:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2015/06/28 21:49:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2015/06/28 21:49:20 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2015/06/28 18:56:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/06/28 18:56:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015/06/28 18:56:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015/06/28 18:56:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/06/28 18:56:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/06/28 18:56:39 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/06/28 18:56:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015/06/28 18:56:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/06/28 18:56:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/06/28 18:56:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/06/28 18:56:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/06/28 18:56:33 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/06/28 18:56:29 | 001,809,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/06/28 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\Avg
[2015/06/28 17:09:54 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/06/28 17:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/06/28 17:09:15 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/06/28 17:09:15 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/06/28 17:09:15 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015/06/28 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/06/28 17:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/06/08 13:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0215pit
[2015/06/08 12:57:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2015/06/08 12:57:27 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Local\MFAData
[2015/06/08 12:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2015/06/07 20:30:07 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015/06/07 20:30:07 | 000,682,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2015/06/07 20:30:07 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2015/06/07 20:30:07 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2015/06/07 20:30:07 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2015/06/07 20:30:07 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2015/06/07 20:30:06 | 001,072,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015/06/07 20:30:06 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2015/06/07 20:28:20 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User 1\AppData\Local\*.tmp files -> C:\Users\User 1\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/06/29 23:36:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Data\Greville\Desktop\OTL.exe
[2015/06/29 23:25:15 | 004,197,016 | ---- | M] (Kaspersky Lab ZAO) -- D:\Data\Greville\Desktop\tdsskiller.exe
[2015/06/29 23:23:06 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/06/29 23:23:06 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/06/29 23:23:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/06/29 23:19:21 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-GREVILLE-DELL-P-Windows-Vista-(TM)-Business-(32-bit).dat
[2015/06/29 23:17:48 | 002,950,645 | ---- | M] (Malwarebytes Corporation) -- D:\Data\Greville\Desktop\JRT.exe
[2015/06/29 23:16:44 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/06/29 23:15:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/06/29 23:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/06/29 23:14:41 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2015/06/29 20:05:25 | 000,295,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/06/28 18:18:23 | 000,428,120 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswsp.sys
[2015/06/28 17:09:20 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/06/25 20:02:48 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2015/06/09 16:20:19 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/05/31 00:55:03 | 001,809,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/05/31 00:54:04 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/05/31 00:49:08 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/05/31 00:48:44 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015/05/31 00:48:39 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/05/31 00:48:29 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/05/31 00:48:22 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/05/31 00:48:10 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/05/31 00:48:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/05/31 00:48:03 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015/05/31 00:47:55 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015/05/31 00:47:50 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/05/31 00:47:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User 1\AppData\Local\*.tmp files -> C:\Users\User 1\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/06/29 23:19:21 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GREVILLE-DELL-P-Windows-Vista-(TM)-Business-(32-bit).dat
[2015/06/29 19:53:21 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2015/06/28 17:09:20 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/06/21 13:43:52 | 000,001,955 | ---- | C] () -- D:\Data\Greville\Desktop\Google Chrome.lnk
[2015/06/08 12:37:23 | 000,000,258 | ---- | C] () -- D:\Data\Greville\Desktop\Shows Desktop.lnk
[2015/05/15 18:48:47 | 000,000,000 | ---- | C] () -- C:\Users\User 1\AppData\Local\{4252CDFA-812B-4CE4-9C96-D6C9A086FBA3}
[2014/12/24 16:18:09 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/12/24 16:18:08 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/12/24 16:18:07 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/06/18 15:22:59 | 000,000,000 | ---- | C] () -- C:\Users\User 1\AppData\Local\{C5A95FA9-8BCC-4D8B-8DBF-52937900C341}
[2011/08/26 19:13:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/21 21:41:15 | 000,000,680 | ---- | C] () -- C:\Users\User 1\AppData\Local\d3d9caps.dat
[2010/08/05 20:11:19 | 000,008,192 | ---- | C] () -- C:\Users\User 1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/18 03:02:58 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:19:56 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:19:45 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2015/06/28 18:48:49 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2015/06/28 18:48:49 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2010/08/05 18:51:56 | 000,000,000 | ---D | M] -- C:\Users\Greville\AppData\Roaming\ESET
[2014/12/24 16:20:07 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\AVAST Software
[2013/11/20 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop
[2010/10/06 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2010/09/23 21:25:58 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\Epson
[2010/08/05 20:01:06 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\ESET
[2014/12/24 19:17:38 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\OpenOffice
[2010/08/06 10:09:33 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\OpenOffice.org

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> D:\Data\Greville\Desktop\TRACTOR PICS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Data\Greville\Desktop\SOHAM TRACTOR OPEN DAY JUNE 2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Data\Greville\Desktop\pics 308.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Data\Greville\Desktop\GREVILLE'S FRIENDS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Data\Greville\Desktop\GREVILLE AND HIS MUM AND DAD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Data\Greville\Desktop\CARS AND BUSES (7):Roxio EMC Stream

< End of report >
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

by maranatha-lord » June 29th, 2015, 6:57 pm

OTL Extras logfile created on: 29/06/2015 23:39:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Data\Greville\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.27% Memory free
4.22 Gb Paging File | 3.08 Gb Available in Paging File | 72.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 36.97 Gb Free Space | 47.33% Space Free | Partition Type: NTFS
Drive D: | 154.76 Gb Total Space | 138.23 Gb Free Space | 89.32% Space Free | Partition Type: NTFS

Computer Name: GREVILLE-DELL-P | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3511597724-2799826871-2226428781-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C6DFD932-0D0C-4BA9-BE04-2482B8F82EDE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3817B98D-F0CA-4FB0-930D-4B619A678277}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgmfapx.exe |
"{58FB2029-DFD1-48CA-938A-AD5C31326B9B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgmfapx.exe |
"{71BE5165-9DE6-4E7F-8261-AE8EF3376ED4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0E9C62C-1512-4DF9-949B-A9180C81CE5B}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{E77BADAF-60C9-4E6F-9E62-7515DADA0CE8}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"TCP Query User{244762BB-DD5A-4C14-8FF3-AB39DECD3F54}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{E1FF6550-4707-4CAE-959F-EC9488D3CD06}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{40E3F096-03D8-4315-A257-FCF455A120CB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{C0AC6A44-0042-4199-A853-2634FB581B3F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.1
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86F2B095-3998-41D5-833D-1C5075300950}" = OpenOffice 4.1.1
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"Avast" = Avast Free Antivirus
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 User’s Guide" = Epson Stylus SX210_SX410_TX210_TX410 Manual
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.6.1022
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"TVWiz" = Intel(R) TV Wizard

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/06/2015 15:08:38 | Computer Name = GREVILLE-DELL-P | Source = Windows Search Service | ID = 3013
Description =

Error - 28/06/2015 15:08:39 | Computer Name = GREVILLE-DELL-P | Source = Windows Search Service | ID = 3013
Description =

Error - 28/06/2015 15:08:39 | Computer Name = GREVILLE-DELL-P | Source = Windows Search Service | ID = 3013
Description =

Error - 28/06/2015 16:48:33 | Computer Name = GREVILLE-DELL-P | Source = VSS | ID = 8193
Description =

Error - 29/06/2015 15:32:05 | Computer Name = GREVILLE-DELL-P | Source = VSS | ID = 8193
Description =

Error - 29/06/2015 15:37:34 | Computer Name = GREVILLE-DELL-P | Source = MsiInstaller | ID = 10005
Description =

Error - 29/06/2015 15:39:00 | Computer Name = GREVILLE-DELL-P | Source = VSS | ID = 8193
Description =

Error - 29/06/2015 15:42:04 | Computer Name = GREVILLE-DELL-P | Source = VSS | ID = 8193
Description =

Error - 29/06/2015 15:52:49 | Computer Name = GREVILLE-DELL-P | Source = VSS | ID = 8193
Description =

Error - 29/06/2015 17:39:32 | Computer Name = GREVILLE-DELL-P | Source = VSS | ID = 8193
Description =

Error - 29/06/2015 17:42:26 | Computer Name = GREVILLE-DELL-P | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 29/06/2015 18:10:38 | Computer Name = GREVILLE-DELL-P | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 29/06/2015 18:10:38 | Computer Name = GREVILLE-DELL-P | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 29/06/2015 18:10:38 | Computer Name = GREVILLE-DELL-P | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 29/06/2015 18:16:08 | Computer Name = GREVILLE-DELL-P | Source = Service Control Manager | ID = 7000
Description =

Error - 29/06/2015 18:16:08 | Computer Name = GREVILLE-DELL-P | Source = Service Control Manager | ID = 7000
Description =

Error - 29/06/2015 18:19:53 | Computer Name = GREVILLE-DELL-P | Source = Service Control Manager | ID = 7031
Description =

Error - 29/06/2015 18:19:54 | Computer Name = GREVILLE-DELL-P | Source = Service Control Manager | ID = 7031
Description =

Error - 29/06/2015 18:19:57 | Computer Name = GREVILLE-DELL-P | Source = Service Control Manager | ID = 7034
Description =

Error - 29/06/2015 18:19:57 | Computer Name = GREVILLE-DELL-P | Source = Service Control Manager | ID = 7034
Description =

Error - 29/06/2015 18:19:58 | Computer Name = GREVILLE-DELL-P | Source = Service Control Manager | ID = 7031
Description =


< End of report >
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

Post by maranatha-lord » June 29th, 2015, 6:59 pm

Computer is now running as it once was.

I will be interested to hear from you as to what the problem was ...

Many thanks
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm

Re: Malware/Virus suspected

Post by pgmigg » June 30th, 2015, 12:05 am

Hello maranatha-lord,

"Computer is now running as it once was."
It is very good, but we are not finished yet. There are a lot of small issues which should be resolved. So, let's continue our treatment... :D
"I will be interested to hear from you as to what the problem was"
First of all, in an operating memory deficit condition you had some slowdown by problems related to the simultaneous operation of two anti-virus programs. In addition, a considerable amount of third party hidden undercover installed programs and scripts also prevents the normal operation of the system.

Please run the following:

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    E - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\..\URLSearchHook: {256db8bc-7da7-4248-97cd-44e07216b7f1} - No CLSID value found
    CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmphiokjnpmaihbjjkobajiehmblogi\1.5.2_0\
    CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
    CHR - Extension: No name found = C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKU\S-1-5-21-3511597724-2799826871-2226428781-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    [2015/06/28 18:48:49 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2015/06/28 18:48:49 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/11/20 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop
    [2010/10/06 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
    
    :Files
    C:\Windows\*.tmp
    C:\Users\User 1\AppData\Local\*.tmp
    @D:\Data\Greville\Desktop\TRACTOR PICS:Roxio EMC Stream
    @D:\Data\Greville\Desktop\SOHAM TRACTOR OPEN DAY JUNE 2010:Roxio EMC Stream
    @D:\Data\Greville\Desktop\pics 308.JPG:Roxio EMC Stream
    @D:\Data\Greville\Desktop\GREVILLE'S FRIENDS:Roxio EMC Stream
    @D:\Data\Greville\Desktop\GREVILLE AND HIS MUM AND DAD:Roxio EMC Stream
    @D:\Data\Greville\Desktop\CARS AND BUSES (7):Roxio EMC Stream
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *borgata*
    *Cheat*
    *Conduit*
    *Coupons*
    *Enigma*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *Hoyle*
    *iLivid*
    *MyPC*
    *Iminent*
    *Poker*
    *Realms*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Somoto*
    *Sweet*
    *Tarma*
    *trolltech*
    *systweak*
    *vshare*
    *whitesmoke*
    *YahooPartnerToolbar*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *borgata*
    *Cheat*
    *Conduit*
    *Coupons*
    *Enigma*
    *searchab*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *Hoyle*
    *iLivid*
    *MyPC*
    *Iminent*
    *Poker*
    *Realms*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Somoto*
    *Sweet*
    *Tarma*
    *trolltech*
    *systweak*
    *vshare*
    *whitesmoke*
    *YahooPartnerToolbar*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    borgata
    Cheat
    Conduit
    Coupons
    Enigma
    searchab
    Fun4IM
    Funmoods
    Hoyle
    iLivid
    MyPC
    Iminent
    Poker
    Realms
    Searchqu
    Searchnu
    Slick
    smartbar
    Somoto
    Sweetpack
    Tarma
    trolltech
    systweak
    vshare
    whitesmoke
    YahooPartnerToolbar
    Yontoo
    
  3. Press the Look button to start the scan. The scan will take a while (even more than an hour), so please be patient...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3186
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Malware/Virus suspected

Post by maranatha-lord » June 30th, 2015, 4:01 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_metadata folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\zh_TW folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\zh_CN folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\vi folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\uk folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\tr folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\th folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sv folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sr folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sl folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sk folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ru folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ro folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\pt_PT folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\pt_BR folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\pl folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\no folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\nl folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\lv folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\lt folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ko folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ja folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\it folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\id folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\hu folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\hr folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\hi folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\he folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\fr folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\fil folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\fi folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\es folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\en folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\el folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\de folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\da folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\cs folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ca folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\bg folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ar folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0 folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmphiokjnpmaihbjjkobajiehmblogi\1.5.2_0\_metadata folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmphiokjnpmaihbjjkobajiehmblogi\1.5.2_0 folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_platform_specific\x86-32_ folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_platform_specific folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_metadata folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\audio folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0 folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_metadata folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\zh_TW folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\zh_CN folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\vi folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\uk folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\tr folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\th folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sv folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sr folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sl folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\sk folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ru folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ro folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\pt_PT folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\pt_BR folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\pl folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\nl folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\nb folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\lv folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\lt folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ko folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ja folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\it folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\id folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\hu folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\hr folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\hi folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\fr folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\fil folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\fi folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\et folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\es_419 folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\es folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\en_GB folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\en folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\el folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\de folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\da folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\cs folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\ca folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales\bg folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\_locales folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\images folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\html folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\css folder moved successfully.
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3511597724-2799826871-2226428781-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\TuneUp Software\ not found.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop\#airversion folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\8ef2815338434704b6cf31b99c11bceb folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#SharedObjects\ZooskMessenger_3.0.98.1.swf folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#SharedObjects\ZooskMessenger_3.0.96.2.swf folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#SharedObjects\ZooskMessenger_3.0.94.2.swf folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#SharedObjects\ZooskMessenger_3.0.92.0.swf folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#SharedObjects\ZooskMessenger_3.0.89.0.swf folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#SharedObjects\ZooskMessenger_3.0.105.2.swf folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#SharedObjects\ZooskMessenger_3.0.105.1.swf folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#SharedObjects folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store\#ApplicationUpdater folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1\Local Store folder moved successfully.
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 folder moved successfully.
========== FILES ==========
C:\Windows\msdownld.tmp folder moved successfully.
C:\Users\User 1\AppData\Local\BIT1F19.tmp moved successfully.
ADS D:\Data\Greville\Desktop\TRACTOR PICS:Roxio EMC Stream deleted successfully.
ADS D:\Data\Greville\Desktop\SOHAM TRACTOR OPEN DAY JUNE 2010:Roxio EMC Stream deleted successfully.
ADS D:\Data\Greville\Desktop\pics 308.JPG:Roxio EMC Stream deleted successfully.
ADS D:\Data\Greville\Desktop\GREVILLE'S FRIENDS:Roxio EMC Stream deleted successfully.
ADS D:\Data\Greville\Desktop\GREVILLE AND HIS MUM AND DAD:Roxio EMC Stream deleted successfully.
ADS D:\Data\Greville\Desktop\CARS AND BUSES (7):Roxio EMC Stream deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Data\Greville\Desktop\cmd.bat deleted successfully.
D:\Data\Greville\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Greville

User: LogMeInRemoteUser

User: Public

User: TEMP

User: User 1
->Flash cache emptied: 9230569 bytes

Total Flash Files Cleaned = 9.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Greville

User: LogMeInRemoteUser

User: Public

User: TEMP

User: User 1
->Java cache emptied: 48346 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Greville
->Temp folder emptied: 13796755 bytes
->Temporary Internet Files folder emptied: 90330036 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

User: TEMP

User: User 1
->Temp folder emptied: 71440943 bytes
->Temporary Internet Files folder emptied: 42116706 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 12277453 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 307345999 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 512.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06302015_204939

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\CR_318DA.tmp\CHROME.PACKED.7Z moved successfully.
C:\Windows\temp\CR_318DA.tmp\setup.exe moved successfully.
C:\Windows\temp\chrome_installer.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
maranatha-lord
Regular Member
 
Posts: 27
Joined: June 28th, 2015, 12:17 pm
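
One way to triage a posted OTL fix log like the one above, as an added example that is not part of the thread and not OTL's own code: it tallies each line's outcome and lists the entries worth a second look (targets reported as not found, moves deferred to reboot). The line patterns are inferred from the log lines visible in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# A few lines excerpted from the OTL fix log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\User 1\AppData\Roaming\com.zoosk.Desktop folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll moved successfully.
Folder C:\Users\Default User\AppData\Roaming\TuneUp Software\ not found.
========== FILES ==========
ADS D:\Data\Greville\Desktop\pics 308.JPG:Roxio EMC Stream deleted successfully.
========== COMMANDS ==========
User: User 1
->Temp folder emptied: 71440943 bytes
->Google Chrome cache emptied: 12277453 bytes
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
C:\Windows\temp\chrome_installer.log moved successfully.
"""

# "========== OTL ==========" style headers and "...moved on Reboot..." trailers.
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
TRAILER = re.compile(r"^(?P<name>.+)\.\.\.$")
# "->Temp folder emptied: 123 bytes" lines from the [EMPTY*] commands.
EMPTIED = re.compile(r"^->(?P<what>.+) emptied: (?P<bytes>\d+) bytes$")

# Ordered from most to least specific; the first matching rule wins.
RULES = [
    ("deferred", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?P<kind>Registry key|Registry value|Folder) (?P<target>.+) not found\.$")),
    ("deleted", re.compile(
        r"^(?P<kind>Registry key|Registry value|ADS) (?P<target>.+) deleted successfully\.$")),
    ("moved", re.compile(
        r"^(?P<target>.+?) (?P<kind>folder )?moved successfully\.$")),
    ("deleted", re.compile(r"^(?P<target>.+) deleted successfully\.$")),
]


def parse_otl_fix_log(text):
    """Return (entries, bytes_emptied) for an OTL fix log given as one string."""
    section = None
    entries = []
    bytes_emptied = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line) or TRAILER.match(line)
        if header:
            section = header.group("name")
            continue
        emptied = EMPTIED.match(line)
        if emptied:
            bytes_emptied += int(emptied.group("bytes"))
            continue
        for outcome, pattern in RULES:
            match = pattern.match(line)
            if match:
                groups = match.groupdict()
                # Lines without an explicit kind refer to a plain file.
                kind = (groups.get("kind") or "file").strip().lower()
                entries.append({"section": section, "outcome": outcome,
                                "kind": kind, "target": groups["target"]})
                break
    return entries, bytes_emptied


def summarize(entries):
    """Count outcomes and pick out the entries a helper would re-check."""
    counts = Counter(e["outcome"] for e in entries)
    # "not_found": the target was already absent when the fix ran.
    # "deferred": the file was locked and is only moved at the next reboot.
    follow_up = [e for e in entries if e["outcome"] in ("not_found", "deferred")]
    return counts, follow_up


if __name__ == "__main__":
    parsed, total = parse_otl_fix_log(SAMPLE_LOG)
    outcome_counts, recheck = summarize(parsed)
    print(dict(outcome_counts), f"{total} bytes emptied")
    for entry in recheck:
        print(f"[{entry['section']}] {entry['outcome']}: {entry['kind']} {entry['target']}")
```
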