Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Win32:rootkit-gen found, vaulted, is my pc safe now?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 21st, 2015, 5:56 pm

Hi- I know next to nothing about computers. My Avast program found this rootkit and placed it in a vault. I then ran a full windows defender scan (it took over 12 hours) and it said the pc is clean but I want to be sure before I do my online banking, etc. I have not noticed any issues with the pc other than it being slow but it is always slow. I only use the pc for emails, paying bills, casual surfing for news, etc. No gaming. I am careful about opening links. How do I know if I am safe again? Thank-you for your help, and have a great day :-)




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.45.2
Run by carol at 14:42:30 on 2015-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1969 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Users\carol\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Users\carol\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
StartupFolder: C:\Users\carol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\carol\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1 ... rol_32.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
TCP: NameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{76026F56-6A8F-405A-8C58-A13205CDBF7D} : DHCPNameServer = 24.116.0.53 24.116.2.50
TCP: Interfaces\{76026F56-6A8F-405A-8C58-A13205CDBF7D}\4786963702E6564777F627B602963702D65697E602 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{76026F56-6A8F-405A-8C58-A13205CDBF7D}\A696D6E696 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{76026F56-6A8F-405A-8C58-A13205CDBF7D}\D4F445F425F4C414D26443234334 : DHCPNameServer = 24.116.0.53 24.116.2.50
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-8-25 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-8-25 40064]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2015-5-3 449896]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-10-4 65736]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-10-4 272248]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-10-4 28144]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-10-4 1047320]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-10-4 442264]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-25 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-10-4 29168]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-10-4 89944]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-10-4 137288]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-5-5 343336]
R2 avast! Firewall;Avast Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-5-5 107448]
R2 BackupService;BackupService;C:\Users\carol\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2012-7-28 83512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 Garmin Device Interaction Service;Garmin Device Interaction Service;C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2015-4-8 708616]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-25 2375168]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-10 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-8-25 114704]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-6-10 1360960]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-25 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 436840]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-6-10 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe --> C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-4-24 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-14 114688]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-5-19 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-07-21 03:10:38 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-21 03:10:38 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-21 03:10:38 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-21 03:10:38 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-21 03:10:38 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-21 03:10:38 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-21 03:10:38 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-21 03:10:38 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-21 03:10:38 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-21 03:10:38 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-20 17:43:26 -------- d-----w- C:\Windows\pss
2015-07-18 04:07:23 12221144 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8570CD3-5ACE-4048-95ED-51A99ACA16EE}\mpengine.dll
2015-07-14 22:20:29 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-14 22:19:46 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-07-04 05:02:27 -------- d-----w- C:\Users\carol\AppData\Local\{6A9094BF-F3E2-4167-95C0-A96A7545C1E7}
2015-06-30 06:37:01 -------- d-----w- C:\Users\carol\AppData\Local\{718B5B7A-7BE9-4CBD-A034-6F8D40A52977}
2015-06-29 13:43:16 229608 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2015-06-23 18:35:14 -------- d-----w- C:\Users\carol\AppData\Local\{CADD1C42-3BC2-40FB-BDAD-6A4583A1EE5C}
.
==================== Find3M ====================
.
2015-07-14 19:05:39 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-14 19:05:39 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-09 17:59:59 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:41 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:31 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-09 17:58:26 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:24 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-09 17:58:23 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-09 17:58:23 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:50:11 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-23 20:30:20 300704 ------w- C:\Windows\System32\MpSigStub.exe
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-15 21:50:42 112064 ----a-w- C:\Windows\System32\consent.exe
2015-06-15 21:45:42 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-06-15 21:45:34 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-06-15 21:45:34 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-06-15 21:44:47 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-06-15 21:43:35 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-06-15 21:43:35 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-06-15 21:43:24 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-06-15 21:42:49 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
.
============= FINISH: 14:45:27.61 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/2/2011 7:11:33 PM
System Uptime: 7/21/2015 2:37:00 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1697
Processor: AMD Phenom(tm) II P650 Dual-Core Processor | Socket S1G4 | 780/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 383.597 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.603 GiB free.
E: is CDROM (UDF)
F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP466: 7/21/2015 3:19:45 AM - Windows Update
.
==== Installed Programs ======================
.
Active Managerial Control Sop Wizard
Adobe Flash Player 18 ActiveX
Adobe Reader XI (11.0.12)
Adobe Refresh Manager
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AMD APP SDK Runtime
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
ANT Drivers Installer x64
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
Avast Internet Security
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build-a-lot 2
Cake Mania
Canon Easy-WebPrint EX
Canon IJ Scan Utility
Canon MG2500 series MP Drivers
Canon MG2500 series On-screen Manual
Canon MG2500 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Dropbox
Elevated Installer
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
Garmin BaseCamp
Garmin Express
Garmin Express Tray
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Update Helper
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Java 8 Update 31
Java 8 Update 31 (64-bit)
Java 8 Update 40
Java 8 Update 40 (64-bit)
Java 8 Update 45
Java 8 Update 45 (64-bit)
Java Auto Updater
Junk Mail filter update
Mah Jong Medley
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office 2000 Premium
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Works
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime 7
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Search App by Ask
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Skype™ 7.2
Slingo Supreme
Southwest Trails
Stellarium 0.11.0
Synaptics TouchPad Driver
The Weather Channel App
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio C++ 10.0 Runtime
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
7/21/2015 3:37:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
7/21/2015 3:37:27 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2015 8:57:13 PM, Error: volmgr [46] - Crash dump initialization failed!
7/19/2015 10:42:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
7/19/2015 10:41:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
7/19/2015 10:41:53 PM, Error: Service Control Manager [7000] - The Garmin Device Interaction Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/17/2015 9:24:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
7/17/2015 9:24:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Device Interaction Service service.
7/15/2015 11:15:11 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm
Advertisement
Register to Remove

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby Gary R » July 22nd, 2015, 1:05 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby Gary R » July 22nd, 2015, 1:26 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi carolb

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There's no obvious signs of infection showing in your DDS logs, though there are a few things that need attention.

However, since the item flagged by Avast was a rootkit, we need to run some further checks before we can say with any confidence that your computer is clean.

So .... First ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ....

Download TDSSKiller.exe to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • When prompted by UAC allow the prompt.
  • Accept the EULA from TDSSKiller.
  • Accept the KSN Statement.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Copy/Paste the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING THAT IT FINDS AT THIS POINT DOING SO COULD LEAVE YOU WITH AN UNBOOTABLE COMPUTER

Summary of the logs I need from you in your next post:
  • FRST.txt
  • Addition.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 22nd, 2015, 10:58 am

Thanx Gary- I have printed copies of all instructions and will begin the process as soon as my Avast has finished it's quick scan...I ran it first thing this morning and it has found one infected file, I don't know what it is yet but it will tell me when it's done scanning. I do appreciate all your help.
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 22nd, 2015, 12:31 pm

Hi Gary- This is the FRST.txt log...I will send the Addition.txt next...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by carol (administrator) on CAROL-HP on 22-07-2015 09:23:00
Running from C:\Users\carol\Downloads
Loaded Profiles: carol (Available Profiles: carol)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ArcSoft, Inc.) C:\Users\carol\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dropbox, Inc.) C:\Users\carol\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-08-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-08-25] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-71845956-64373784-659071831-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\carol\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-71845956-64373784-659071831-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-71845956-64373784-659071831-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {59770764-3C1E-40C3-A9AD-D328112D6C80} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {59770764-3C1E-40C3-A9AD-D328112D6C80} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {59770764-3C1E-40C3-A9AD-D328112D6C80} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-16] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-16] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2006-03-10] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2006-03-10] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2006-03-10] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2006-03-10] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2006-03-10] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2006-03-10] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2006-03-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{76026F56-6A8F-405A-8C58-A13205CDBF7D}: [DhcpNameServer] 24.116.0.53 24.116.2.50

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-04]

Chrome:
=======
CHR Profile: C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-05]
CHR Extension: (Google Docs) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-05]
CHR Extension: (Google Drive) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-05]
CHR Extension: (YouTube) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-05]
CHR Extension: (Google Search) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-05]
CHR Extension: (Google Sheets) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-05]
CHR Extension: (Avast Online Security) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Gmail) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-05]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-14]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-05] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-05] (Avast Software s.r.o.)
R2 BackupService; C:\Users\carol\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-08-25] (Realsil Microelectronics Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-03] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-03] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-03] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-08-22] ()
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 09:23 - 2015-07-22 09:23 - 00023215 _____ C:\Users\carol\Downloads\FRST.txt
2015-07-22 09:22 - 2015-07-22 09:23 - 00000000 ____D C:\FRST
2015-07-22 09:21 - 2015-07-22 09:21 - 02135552 _____ (Farbar) C:\Users\carol\Downloads\FRST64.exe
2015-07-22 09:18 - 2015-07-22 09:18 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CAROL-HP-Windows-7-Home-Premium-(64-bit).dat
2015-07-22 09:17 - 2015-07-22 09:17 - 00000000 ____D C:\RegBackup
2015-07-22 09:16 - 2015-07-22 09:16 - 00002187 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-22 09:16 - 2015-07-22 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-22 09:16 - 2015-07-22 09:16 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-07-22 09:14 - 2015-07-22 09:14 - 04720448 _____ C:\Users\carol\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-21 14:45 - 2015-07-21 14:45 - 00024983 _____ C:\Users\carol\Desktop\dds.txt
2015-07-21 14:45 - 2015-07-21 14:45 - 00007874 _____ C:\Users\carol\Desktop\attach.txt
2015-07-21 14:42 - 2015-07-21 14:42 - 00688992 ____R (Swearware) C:\Users\carol\Downloads\dds.scr
2015-07-20 20:10 - 2015-07-14 20:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 20:10 - 2015-07-14 20:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 20:10 - 2015-07-14 20:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 20:10 - 2015-07-14 20:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 20:10 - 2015-07-14 19:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 20:10 - 2015-07-14 19:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 20:10 - 2015-07-14 19:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 20:10 - 2015-07-14 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 20:10 - 2015-07-14 18:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 20:10 - 2015-07-14 18:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 10:43 - 2015-07-20 10:43 - 00000000 ____D C:\Windows\pss
2015-07-19 21:57 - 2015-07-19 21:57 - 00886256 _____ (Microsoft Corporation) C:\Users\carol\Downloads\mssstool64.exe
2015-07-14 15:21 - 2015-07-09 10:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 15:21 - 2015-07-09 10:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 15:21 - 2015-07-09 10:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 15:21 - 2015-07-09 10:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 15:21 - 2015-07-09 10:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 15:21 - 2015-07-09 10:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 15:21 - 2015-07-09 10:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 15:21 - 2015-07-09 10:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 15:21 - 2015-07-09 10:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 15:21 - 2015-07-09 10:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 15:21 - 2015-07-09 10:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 15:21 - 2015-07-09 10:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 15:21 - 2015-07-09 10:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 15:21 - 2015-07-09 10:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 15:21 - 2015-07-09 10:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 15:21 - 2015-07-09 10:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 15:21 - 2015-07-04 11:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 15:21 - 2015-07-04 10:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 15:21 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 15:21 - 2015-07-02 14:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 15:21 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 15:21 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 15:21 - 2015-07-02 13:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 15:21 - 2015-07-02 13:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 15:21 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 15:21 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 15:21 - 2015-07-02 13:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 15:21 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 15:21 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 15:21 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 15:21 - 2015-06-26 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 15:21 - 2015-06-26 19:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 15:21 - 2015-06-26 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 15:21 - 2015-06-26 18:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 15:21 - 2015-06-25 11:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 15:21 - 2015-06-25 10:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 15:21 - 2015-06-25 01:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 15:21 - 2015-06-20 13:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 15:21 - 2015-06-20 12:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 15:21 - 2015-06-20 12:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 15:21 - 2015-06-20 12:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 15:21 - 2015-06-20 12:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 15:21 - 2015-06-20 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 15:21 - 2015-06-20 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 15:21 - 2015-06-20 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 15:21 - 2015-06-20 12:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 15:21 - 2015-06-20 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 15:21 - 2015-06-20 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 15:21 - 2015-06-20 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 15:21 - 2015-06-20 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 15:21 - 2015-06-20 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 15:21 - 2015-06-20 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 15:21 - 2015-06-20 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 15:21 - 2015-06-20 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 15:21 - 2015-06-20 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 15:21 - 2015-06-20 11:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 15:21 - 2015-06-20 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 15:21 - 2015-06-20 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 15:21 - 2015-06-20 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 15:21 - 2015-06-20 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 15:21 - 2015-06-19 11:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 15:21 - 2015-06-19 11:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 15:21 - 2015-06-19 11:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 15:21 - 2015-06-19 11:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 15:21 - 2015-06-19 11:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 15:21 - 2015-06-19 11:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 15:21 - 2015-06-19 11:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 15:21 - 2015-06-19 11:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 15:21 - 2015-06-19 11:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 15:21 - 2015-06-19 11:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 15:21 - 2015-06-19 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 15:21 - 2015-06-19 10:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 15:21 - 2015-06-19 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 15:21 - 2015-06-19 10:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 15:21 - 2015-06-19 10:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 15:21 - 2015-06-19 10:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 15:21 - 2015-06-19 10:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 15:21 - 2015-06-19 10:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 15:21 - 2015-06-19 10:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 15:21 - 2015-06-17 10:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 15:21 - 2015-06-17 10:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 15:21 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 15:21 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 15:21 - 2015-04-27 12:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 15:21 - 2015-04-27 12:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 15:21 - 2015-04-27 12:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 15:21 - 2015-04-27 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 15:21 - 2015-04-27 12:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 15:21 - 2015-04-27 12:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 15:21 - 2015-04-27 12:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 15:21 - 2015-04-27 12:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-14 15:20 - 2015-07-01 13:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 15:20 - 2015-07-01 13:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 15:20 - 2015-07-01 13:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 15:20 - 2015-07-01 13:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 15:20 - 2015-07-01 13:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 15:20 - 2015-07-01 13:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 15:20 - 2015-07-01 13:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 15:20 - 2015-07-01 13:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 15:20 - 2015-07-01 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 15:20 - 2015-07-01 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 15:20 - 2015-07-01 13:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 15:20 - 2015-07-01 13:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 15:20 - 2015-07-01 13:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 15:20 - 2015-07-01 13:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 15:20 - 2015-07-01 13:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 15:20 - 2015-07-01 13:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 15:20 - 2015-07-01 13:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 15:20 - 2015-07-01 13:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 15:20 - 2015-07-01 13:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 15:20 - 2015-07-01 13:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 15:20 - 2015-07-01 13:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 15:20 - 2015-07-01 13:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 15:20 - 2015-07-01 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 15:20 - 2015-07-01 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 15:20 - 2015-07-01 13:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 15:20 - 2015-07-01 13:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 15:20 - 2015-07-01 12:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 15:20 - 2015-07-01 12:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 15:20 - 2015-07-01 12:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 15:19 - 2015-07-09 10:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 15:19 - 2015-07-09 10:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 15:19 - 2015-07-09 10:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 15:19 - 2015-07-09 10:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 15:19 - 2015-07-09 10:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 15:19 - 2015-07-09 10:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 15:19 - 2015-07-09 10:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 15:19 - 2015-07-09 10:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 15:19 - 2015-06-15 14:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 15:19 - 2015-06-15 14:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 15:19 - 2015-06-15 14:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 15:19 - 2015-06-15 14:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 15:19 - 2015-06-15 14:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 15:19 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 15:19 - 2015-06-15 14:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 15:19 - 2015-06-15 14:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 15:19 - 2015-06-15 14:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 15:19 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 15:19 - 2015-06-15 14:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 15:19 - 2015-06-15 14:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-10 22:03 - 2015-07-10 22:03 - 00000000 ____D C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-04 21:36 - 2015-07-04 21:36 - 00434783 _____ C:\Users\carol\Downloads\PEANUT BUTTER CHEESECAKE OVER PEANUT BUTTER CUPS SITTING ON A GRAHAM CRACKER CRUST & THEN TOPPED WITH PEANUT BUTTER GANACHE AND A CHOCOLATE DRIZZLE!.html
2015-07-04 21:36 - 2015-07-04 21:36 - 00000000 ____D C:\Users\carol\Downloads\PEANUT BUTTER CHEESECAKE OVER PEANUT BUTTER CUPS SITTING ON A GRAHAM CRACKER CRUST & THEN TOPPED WITH PEANUT BUTTER GANACHE AND A CHOCOLATE DRIZZLE!_files
2015-07-03 22:02 - 2015-07-03 22:02 - 00000000 ____D C:\Users\carol\AppData\Local\{6A9094BF-F3E2-4167-95C0-A96A7545C1E7}
2015-06-30 08:35 - 2015-06-30 08:35 - 00269457 _____ C:\Users\carol\Downloads\PRESCOTT VALLEY HAIL STORM 6-29-15 - YouTube.html
2015-06-30 08:35 - 2015-06-30 08:35 - 00000000 ____D C:\Users\carol\Downloads\PRESCOTT VALLEY HAIL STORM 6-29-15 - YouTube_files
2015-06-29 23:37 - 2015-06-29 23:37 - 00355243 _____ C:\Users\carol\Downloads\Outlook.com.zip
2015-06-29 23:37 - 2015-06-29 23:37 - 00000000 ____D C:\Users\carol\AppData\Local\{718B5B7A-7BE9-4CBD-A034-6F8D40A52977}
2015-06-23 11:35 - 2015-06-23 11:35 - 00000000 ____D C:\Users\carol\AppData\Local\{CADD1C42-3BC2-40FB-BDAD-6A4583A1EE5C}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 09:14 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 09:14 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 09:13 - 2009-07-13 22:13 - 00783400 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-22 09:09 - 2012-04-01 08:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 08:33 - 2014-10-04 21:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 08:32 - 2015-06-17 21:21 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-71845956-64373784-659071831-1001UA.job
2015-07-22 08:32 - 2015-06-17 21:21 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-71845956-64373784-659071831-1001Core.job
2015-07-22 08:11 - 2011-06-10 21:25 - 01663540 _____ C:\Windows\WindowsUpdate.log
2015-07-22 08:09 - 2015-01-08 21:47 - 00000000 __SHD C:\found.006
2015-07-22 07:54 - 2012-07-30 08:16 - 00000000 ____D C:\Users\carol\AppData\Roaming\Skype
2015-07-22 07:06 - 2015-04-03 08:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-22 07:06 - 2012-07-30 08:16 - 00000000 ____D C:\ProgramData\Skype
2015-07-22 07:03 - 2013-10-19 10:17 - 00000000 ___RD C:\Users\carol\Dropbox
2015-07-22 07:03 - 2013-10-19 10:14 - 00000000 ____D C:\Users\carol\AppData\Roaming\Dropbox
2015-07-22 07:01 - 2014-10-04 21:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 07:01 - 2013-02-19 11:13 - 00000494 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-07-22 07:01 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 07:00 - 2014-08-17 08:52 - 00025894 _____ C:\Windows\setupact.log
2015-07-22 06:54 - 2011-08-02 19:22 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C14D0CA3-9662-4B87-9B81-1C5DF6B99118}
2015-07-22 04:46 - 2014-04-06 00:57 - 00000563 _____ C:\Windows\Tasks\RegCure Pro_sch_2531AC9A-BD61-11E3-A6C2-78E3B550176D.job
2015-07-21 20:36 - 2014-10-04 21:35 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-21 18:00 - 2013-02-19 11:14 - 00000468 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2015-07-21 03:38 - 2009-07-13 21:45 - 00322544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 20:40 - 2011-11-03 08:12 - 00000000 ____D C:\Users\carol\AppData\Local\CrashDumps
2015-07-20 07:48 - 2014-02-18 20:03 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForcarol
2015-07-20 07:48 - 2014-02-18 20:03 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForcarol.job
2015-07-19 22:16 - 2014-08-17 08:51 - 00106204 _____ C:\Windows\PFRO.log
2015-07-19 07:24 - 2013-02-19 11:13 - 00000442 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2015-07-18 08:27 - 2015-06-17 21:21 - 00003888 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-71845956-64373784-659071831-1001UA
2015-07-18 08:27 - 2015-06-17 21:21 - 00003492 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-71845956-64373784-659071831-1001Core
2015-07-17 08:09 - 2013-08-13 11:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 22:28 - 2014-10-04 21:34 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 22:28 - 2014-10-04 21:34 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 21:58 - 2015-04-04 10:18 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-15 21:58 - 2015-04-04 10:18 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-15 08:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 08:31 - 2014-12-10 20:50 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 08:31 - 2014-05-02 07:54 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 08:26 - 2011-08-02 19:11 - 00000000 ____D C:\Users\carol
2015-07-14 12:05 - 2012-04-01 08:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 12:05 - 2012-04-01 08:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 12:05 - 2011-08-10 08:51 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 07:52 - 2014-12-25 07:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-10 08:32 - 2012-12-02 21:18 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCAROL-HP$
2015-07-10 08:32 - 2012-12-02 21:18 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForCAROL-HP$.job
2015-07-02 19:52 - 2009-07-13 22:08 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-29 21:21 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-26 07:17 - 2014-10-04 21:33 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-23 13:30 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-09-23 21:49 - 2014-09-23 21:49 - 0000000 _____ () C:\Users\carol\AppData\Roaming\wklnhst.dat

Some files in TEMP:
====================
C:\Users\carol\AppData\Local\Temp\APNSetup.exe
C:\Users\carol\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplqaukl.dll
C:\Users\carol\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\carol\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\carol\AppData\Local\Temp\jre-8u31-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 07:47

==================== End of log ============================
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 22nd, 2015, 12:34 pm

Gary- This is the next log you requested, Addition.txt log. I hope to get the third log completed before leaving for work. Thanx again.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by carol at 2015-07-22 09:24:43
Running from C:\Users\carol\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-71845956-64373784-659071831-500 - Administrator - Disabled)
carol (S-1-5-21-71845956-64373784-659071831-1001 - Administrator - Enabled) => C:\Users\carol
Guest (S-1-5-21-71845956-64373784-659071831-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-71845956-64373784-659071831-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Managerial Control Sop Wizard (HKLM-x32\...\Active Managerial Control Sop Wizard_is1) (Version: - Alaska Department of Environmental Conservation, Div. of Environmental Health)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-71845956-64373784-659071831-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Garmin BaseCamp (HKLM-x32\...\{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}) (Version: 3.3.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{31EEA563-3544-4EA1-8773-BCBF83F9627A}) (Version: 4.1.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.01.18.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.81 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Southwest Trails (HKLM-x32\...\Southwest Trails) (Version: - )
Stellarium 0.11.0 (HKLM-x32\...\Stellarium_is1) (Version: - )
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-71845956-64373784-659071831-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\carol\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-07-2015 03:19:45 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BC0AB8B-63CE-4CB1-9528-49B43B1DC36E} - System32\Tasks\avastBCLRestartS-1-5-21-71845956-64373784-659071831-1001 => Chrome.exe
Task: {1FA284DA-31E5-4B52-AC1F-7415F179EE14} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-71845956-64373784-659071831-1001Core => C:\Users\carol\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {2ADA177E-9BA7-4768-895D-6C50B7A025A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {3E816B62-777F-475E-BEFE-EBE869E8DAC6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {3F48FAB0-3B67-47CC-A0E2-2FC44FC2D2B0} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {4E21DAF9-A17B-4599-80EE-26C9F005A266} - System32\Tasks\HPCeeScheduleForCAROL-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {53827024-CC55-4FBD-BF4B-3F6E7281ECA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-04] (Google Inc.)
Task: {75359A69-1815-4288-853B-428530C0EDE6} - System32\Tasks\RegCure Pro_sch_2531AC9A-BD61-11E3-A6C2-78E3B550176D => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: {7CD8BA8E-2CAF-4D9E-9728-4A744F484CC5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {7DC03D57-4B85-4678-8882-4A2B146F6E30} - System32\Tasks\HPCeeScheduleForcarol => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {82583974-43FE-4364-BB15-BDC6F57F8360} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-04] (Google Inc.)
Task: {868845A7-0329-45AF-B1E7-25C193464460} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {A18B77EA-F020-4866-AA3D-96D4069840F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A3F1CAC2-1EB7-404F-9031-9C35BCFB38D2} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {AB9ED779-3D70-42FD-9ACE-E761C1822B36} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {C06145CF-CF4F-4B3C-9D59-94337BE60B0F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-71845956-64373784-659071831-1001UA => C:\Users\carol\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {DC24BCDC-D574-4109-9A0B-6DFE8D5F0125} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {EAC82C85-3B3D-4073-93C7-AE8391A39684} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-71845956-64373784-659071831-1001Core.job => C:\Users\carol\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-71845956-64373784-659071831-1001UA.job => C:\Users\carol\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCAROL-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForcarol.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_2531AC9A-BD61-11E3-A6C2-78E3B550176D.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2011-07-05 11:27 - 2011-07-05 11:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-07-05 11:27 - 2011-07-05 11:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 11:13 - 2011-07-05 11:13 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-08 09:57 - 2011-04-08 09:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2015-05-05 08:33 - 2015-05-05 08:33 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-05 08:33 - 2015-05-05 08:33 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-21 11:21 - 2015-07-21 11:21 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072101\algo.dll
2015-07-22 07:02 - 2015-07-22 07:02 - 00043008 _____ () c:\users\carol\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplqaukl.dll
2015-03-04 14:45 - 2015-03-19 00:15 - 00750080 _____ () C:\Users\carol\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 14:45 - 2015-03-19 00:15 - 00047616 _____ () C:\Users\carol\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 14:45 - 2015-03-19 00:15 - 00865280 _____ () C:\Users\carol\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 14:45 - 2015-03-19 00:15 - 00200704 _____ () C:\Users\carol\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-07-10 22:03 - 2015-03-19 00:15 - 00010240 _____ () C:\Users\carol\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-03-19 00:15 - 00726016 _____ () C:\Users\carol\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-10 22:03 - 2015-03-19 00:15 - 00010240 _____ () C:\Users\carol\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-03-23 08:22 - 2015-03-23 08:22 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-04-08 09:57 - 2011-04-08 09:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2015-07-14 07:55 - 2015-07-13 14:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 07:55 - 2015-07-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-71845956-64373784-659071831-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\carol\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 24.116.0.53 - 24.116.2.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^carol^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Dropbox Update => "C:\Users\carol\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F587132F-5B14-49E4-8AEB-9CFE05742790}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{39CAB820-F092-49BF-8DE9-E0FFDE712D47}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{5C73C0E8-49D5-480F-902A-625007311667}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{8CFCE8E9-72FD-4034-8579-CDF44E94ED6A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{0E3EE51E-8DC6-4D7C-A148-0C2E793A4B26}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E6978A87-05A2-4ABB-8BA7-4970B20A55DA}] => (Allow) LPort=2869
FirewallRules: [{2992C613-8278-4975-9310-FD7C55A0E11A}] => (Allow) LPort=1900
FirewallRules: [{C6529339-84BD-4F87-99BB-A3F09F836828}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5253CDDC-903C-481C-BD1F-D9ABE2E393A9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C7C737DB-D4D7-498B-8C1A-7B4475C5FC85}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{009A0470-949D-4587-B1E5-B649C0CB440B}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{C1691BD3-0586-45D2-BAE7-D3E3EF4F235C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{DA22F2E0-C3CF-461B-825D-F51912555955}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1F4FACC4-6A60-4029-8769-28BF0DB66F37}] => (Allow) C:\Users\carol\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EA1F049F-F579-4466-9B17-3EF7B5B10AD7}] => (Allow) C:\Users\carol\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{87244289-D9EC-4446-8AEC-B7465C19ECC0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DAAC6EF9-7190-49A3-9DC9-CCA0B44DFE6A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{68DC441A-52D9-4462-A23E-6C6911DB494C}C:\users\carol\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\carol\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8FBF164D-A4EB-402D-8F9C-88F8E37542E0}C:\users\carol\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\carol\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{1545707E-ABA6-407A-B4A6-7C698E5584EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2015 07:02:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 04:26:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 04:10:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 02:38:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 03:38:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 08:40:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x13b8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (07/20/2015 07:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x18f4
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (07/20/2015 05:20:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x50c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (07/20/2015 08:36:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000005
Fault offset: 0x000000000004ada4
Faulting process id: 0x18f0
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (07/20/2015 08:24:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avastui.exe version 10.2.2218.944 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 99c

Start Time: 01d0c2aec625b917

Termination Time: 60000

Application Path: C:\Program Files\AVAST Software\Avast\avastui.exe

Report Id: 0d14b1fe-2eef-11e5-b2df-78e3b550176d


System errors:
=============
Error: (07/22/2015 07:02:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (07/22/2015 07:01:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053

Error: (07/22/2015 07:01:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

Error: (07/22/2015 07:00:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:55:13 AM on ‎7/‎22/‎2015 was unexpected.

Error: (07/21/2015 04:23:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/21/2015 04:08:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/21/2015 11:22:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/21/2015 03:37:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%1053

Error: (07/21/2015 03:37:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

Error: (07/21/2015 03:35:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office:
=========================
Error: (07/22/2015 07:02:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 04:26:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 04:10:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 02:38:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 03:38:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 08:40:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada413b801d0c366ebfe8448C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll2b7d9cde-2f5a-11e5-b2df-78e3b550176d

Error: (07/20/2015 07:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada418f401d0c360e096ece5C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll202b71dd-2f54-11e5-b2df-78e3b550176d

Error: (07/20/2015 05:20:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada450c01d0c34b1563597cC:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll556ee342-2f3e-11e5-b2df-78e3b550176d

Error: (07/20/2015 08:36:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GWXUX.exe6.3.9600.1792355945dbdntdll.dll6.1.7601.18869556366f2c0000005000000000004ada418f001d0c301d1d51570C:\Windows\System32\GWX\GWXUX.exeC:\Windows\SYSTEM32\ntdll.dll11eee777-2ef5-11e5-b2df-78e3b550176d

Error: (07/20/2015 08:24:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avastui.exe10.2.2218.94499c01d0c2aec625b91760000C:\Program Files\AVAST Software\Avast\avastui.exe0d14b1fe-2eef-11e5-b2df-78e3b550176d


==================== Memory info ===========================

Processor: AMD Phenom(tm) II P650 Dual-Core Processor
Percentage of memory in use: 51%
Total physical RAM: 3834.9 MB
Available physical RAM: 1845.02 MB
Total Virtual: 7668.01 MB
Available Virtual: 5340.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.05 GB) (Free:382.65 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.42 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B7C2B775)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of log ============================
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 22nd, 2015, 12:47 pm

Gary- Here is the TDDSKiller log. I will have to send it in two posts. Thanx.


09:37:17.0808 0x1894 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
09:37:26.0217 0x1894 ============================================================
09:37:26.0217 0x1894 Current date / time: 2015/07/22 09:37:26.0217
09:37:26.0217 0x1894 SystemInfo:
09:37:26.0217 0x1894
09:37:26.0217 0x1894 OS Version: 6.1.7601 ServicePack: 1.0
09:37:26.0217 0x1894 Product type: Workstation
09:37:26.0217 0x1894 ComputerName: CAROL-HP
09:37:26.0218 0x1894 UserName: carol
09:37:26.0218 0x1894 Windows directory: C:\Windows
09:37:26.0218 0x1894 System windows directory: C:\Windows
09:37:26.0218 0x1894 Running under WOW64
09:37:26.0218 0x1894 Processor architecture: Intel x64
09:37:26.0218 0x1894 Number of processors: 2
09:37:26.0218 0x1894 Page size: 0x1000
09:37:26.0218 0x1894 Boot type: Normal boot
09:37:26.0218 0x1894 ============================================================
09:37:26.0890 0x1894 KLMD registered as C:\Windows\system32\drivers\06460345.sys
09:37:27.0398 0x1894 System UUID: {3F45C3DA-5567-7F74-E98E-84FCBC389857}
09:37:28.0829 0x1894 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:37:28.0866 0x1894 Drive \Device\Harddisk1\DR3 - Size: 0x3A3B00000 ( 14.56 Gb ), SectorSize: 0x200, Cylinders: 0x76C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:37:28.0872 0x1894 ============================================================
09:37:28.0872 0x1894 \Device\Harddisk0\DR0:
09:37:28.0883 0x1894 MBR partitions:
09:37:28.0883 0x1894 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:37:28.0883 0x1894 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38618000
09:37:28.0884 0x1894 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3867C000, BlocksNum 0x1CD6000
09:37:28.0884 0x1894 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
09:37:28.0884 0x1894 \Device\Harddisk1\DR3:
09:37:28.0885 0x1894 MBR partitions:
09:37:28.0885 0x1894 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1D1D7E0
09:37:28.0885 0x1894 ============================================================
09:37:28.0912 0x1894 C: <-> \Device\Harddisk0\DR0\Partition2
09:37:29.0071 0x1894 D: <-> \Device\Harddisk0\DR0\Partition3
09:37:29.0087 0x1894 F: <-> \Device\Harddisk0\DR0\Partition4
09:37:29.0087 0x1894 ============================================================
09:37:29.0087 0x1894 Initialize success
09:37:29.0087 0x1894 ============================================================
09:37:56.0070 0x1130 ============================================================
09:37:56.0070 0x1130 Scan started
09:37:56.0070 0x1130 Mode: Manual;
09:37:56.0070 0x1130 ============================================================
09:37:56.0070 0x1130 KSN ping started
09:37:59.0190 0x1130 KSN ping finished: true
09:38:00.0110 0x1130 ================ Scan system memory ========================
09:38:00.0110 0x1130 System memory - ok
09:38:00.0110 0x1130 ================ Scan services =============================
09:38:00.0344 0x1130 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:38:00.0360 0x1130 1394ohci - ok
09:38:00.0454 0x1130 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:38:00.0485 0x1130 ACPI - ok
09:38:00.0516 0x1130 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:38:00.0516 0x1130 AcpiPmi - ok
09:38:00.0641 0x1130 [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:38:00.0656 0x1130 AdobeARMservice - ok
09:38:00.0797 0x1130 [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:38:00.0812 0x1130 AdobeFlashPlayerUpdateSvc - ok
09:38:00.0875 0x1130 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:38:00.0906 0x1130 adp94xx - ok
09:38:00.0968 0x1130 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:38:00.0984 0x1130 adpahci - ok
09:38:01.0015 0x1130 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:38:01.0015 0x1130 adpu320 - ok
09:38:01.0062 0x1130 [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:38:01.0062 0x1130 AeLookupSvc - ok
09:38:01.0140 0x1130 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
09:38:01.0156 0x1130 AFD - ok
09:38:01.0187 0x1130 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
09:38:01.0187 0x1130 agp440 - ok
09:38:01.0234 0x1130 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
09:38:01.0234 0x1130 ALG - ok
09:38:01.0280 0x1130 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
09:38:01.0280 0x1130 aliide - ok
09:38:01.0343 0x1130 [ 715B02B892C5BA46471EFC8DCD2AE934, 9DB0CC1D33BF71EAA3DB8DD9ADFB131FE220E3FE638286F55042056B8B56CE74 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:38:01.0358 0x1130 AMD External Events Utility - ok
09:38:01.0436 0x1130 AMD FUEL Service - ok
09:38:01.0483 0x1130 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
09:38:01.0483 0x1130 amdide - ok
09:38:01.0514 0x1130 [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
09:38:01.0530 0x1130 amdiox64 - ok
09:38:01.0577 0x1130 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:38:01.0577 0x1130 AmdK8 - ok
09:38:01.0982 0x1130 [ 7054D5D028B6CA727D0575192D633FA9, 41FEF2500004C6EAE116A109E525BE86494306709689A624A656A29D438C20AB ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:38:02.0201 0x1130 amdkmdag - ok
09:38:02.0326 0x1130 [ 1CD2BC11467FD5FC7BE9827A9F3D8566, 952C881CF3DF67125C539409399C820632631782D426DF51900BB6F70C833024 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
09:38:02.0326 0x1130 amdkmdap - ok
09:38:02.0357 0x1130 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:38:02.0357 0x1130 AmdPPM - ok
09:38:02.0419 0x1130 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:38:02.0419 0x1130 amdsata - ok
09:38:02.0497 0x1130 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:38:02.0513 0x1130 amdsbs - ok
09:38:02.0544 0x1130 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:38:02.0544 0x1130 amdxata - ok
09:38:02.0575 0x1130 [ F9D46B6B322708BD5AFCC8767EBDC901, BD4872A62516D8326D43FD37A8BECEBADB80C51CD79506FD8A2013358710F774 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
09:38:02.0575 0x1130 amd_sata - ok
09:38:02.0622 0x1130 [ 329CC9C7E20DEEBCD4CD10816193EF14, FA217536D56EA0BFC783FC29919F529A9AF8E0F7B2A49AA452B218BC6F1E0366 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
09:38:02.0622 0x1130 amd_xata - ok
09:38:02.0669 0x1130 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
09:38:02.0669 0x1130 AppID - ok
09:38:02.0700 0x1130 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:38:02.0700 0x1130 AppIDSvc - ok
09:38:02.0747 0x1130 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
09:38:02.0747 0x1130 Appinfo - ok
09:38:02.0809 0x1130 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
09:38:02.0825 0x1130 arc - ok
09:38:02.0840 0x1130 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:38:02.0856 0x1130 arcsas - ok
09:38:02.0996 0x1130 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:38:02.0996 0x1130 aspnet_state - ok
09:38:03.0074 0x1130 [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
09:38:03.0090 0x1130 aswHwid - ok
09:38:03.0137 0x1130 [ 2EF62E6F46345480A2946AA7D7EB28F5, E1952C776CA41A2D9242154BD6613559BFE4D38E47C7C4AE894108B479B2F9D0 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
09:38:03.0137 0x1130 aswKbd - ok
09:38:03.0168 0x1130 [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
09:38:03.0184 0x1130 aswMonFlt - ok
09:38:03.0262 0x1130 [ 81A2A421E6D7B43AA9E87A5FCB5730C3, CF232DBB07FAD95248FED789E67592D73027F145E08BD5269A3773E48693641B ] aswNdisFlt C:\Windows\system32\DRIVERS\aswNdisFlt.sys
09:38:03.0293 0x1130 aswNdisFlt - ok
09:38:03.0386 0x1130 [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
09:38:03.0386 0x1130 aswRdr - ok
09:38:03.0418 0x1130 [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
09:38:03.0418 0x1130 aswRvrt - ok
09:38:03.0527 0x1130 [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
09:38:03.0589 0x1130 aswSnx - ok
09:38:03.0667 0x1130 [ A04F190FCD762E7BCC9BFC70563C52DB, 2BF6823F2EADBDA28DF1CCECCAC84D9FF37D3CFB66A7B402575C6B9FCFB45EB3 ] aswSP C:\Windows\system32\drivers\aswSP.sys
09:38:03.0714 0x1130 aswSP - ok
09:38:03.0776 0x1130 [ 6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm C:\Windows\system32\drivers\aswStm.sys
09:38:03.0776 0x1130 aswStm - ok
09:38:03.0823 0x1130 [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
09:38:03.0839 0x1130 aswVmm - ok
09:38:03.0886 0x1130 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:38:03.0886 0x1130 AsyncMac - ok
09:38:03.0917 0x1130 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
09:38:03.0917 0x1130 atapi - ok
09:38:04.0073 0x1130 [ CBD14F698DEF12EE3557604B726CB8EB, 45EDD88B18F2DE9024851BFDE9DC0CA943692DD306CB3A0822F4A5C0C3D7CDD6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
09:38:04.0073 0x1130 AtiHDAudioService - ok
09:38:04.0120 0x1130 [ 2D648572BA9A610952FCAFBA1E119C2D, 4CD7E7D3C878DEF8CC18A925EAB1E0E8E8893BE99DA1E1F78FE9AD12EF1C48BC ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
09:38:04.0135 0x1130 AtiHdmiService - ok
09:38:04.0166 0x1130 [ E82E61F46D1336447F4DEFF8C074F13E, 9FC152B33F1D9F5684B687743E943AA26AC17A1093F4C31A43C7012E70BC302E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
09:38:04.0166 0x1130 AtiPcie - ok
09:38:04.0244 0x1130 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:38:04.0307 0x1130 AudioEndpointBuilder - ok
09:38:04.0385 0x1130 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:38:04.0432 0x1130 AudioSrv - ok
09:38:04.0572 0x1130 [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:38:04.0603 0x1130 avast! Antivirus - ok
09:38:04.0666 0x1130 [ C569E7F268C43D6C9C4D74EE2F06CCD8, 8E66A2C610E00D0F01CECAC8E32824D3B54E823781E953C8A506BAB4CFDE7F23 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
09:38:04.0666 0x1130 avast! Firewall - ok
09:38:04.0744 0x1130 AvastVBoxSvc - ok
09:38:04.0822 0x1130 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:38:04.0837 0x1130 AxInstSV - ok
09:38:04.0915 0x1130 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
09:38:04.0946 0x1130 b06bdrv - ok
09:38:05.0024 0x1130 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:38:05.0040 0x1130 b57nd60a - ok
09:38:05.0227 0x1130 [ 68B86DD9D455A6A8DE6D13C84FB5CE31, ED02BCEE2874F2E1B32CB0F6E44712BEDF80ABC3E8F233D258D485CCE2714C17 ] BackupService C:\Users\carol\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
09:38:05.0227 0x1130 BackupService - ok
09:38:05.0383 0x1130 [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
09:38:05.0477 0x1130 BCM43XX - ok
09:38:05.0524 0x1130 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
09:38:05.0539 0x1130 BDESVC - ok
09:38:05.0555 0x1130 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
09:38:05.0555 0x1130 Beep - ok
09:38:05.0648 0x1130 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
09:38:05.0711 0x1130 BFE - ok
09:38:05.0804 0x1130 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
09:38:05.0867 0x1130 BITS - ok
09:38:05.0929 0x1130 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
09:38:05.0929 0x1130 blbdrive - ok
09:38:05.0976 0x1130 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:38:05.0976 0x1130 bowser - ok
09:38:06.0007 0x1130 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:38:06.0007 0x1130 BrFiltLo - ok
09:38:06.0023 0x1130 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:38:06.0023 0x1130 BrFiltUp - ok
09:38:06.0070 0x1130 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
09:38:06.0085 0x1130 Browser - ok
09:38:06.0132 0x1130 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:38:06.0148 0x1130 Brserid - ok
09:38:06.0163 0x1130 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:38:06.0163 0x1130 BrSerWdm - ok
09:38:06.0194 0x1130 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:38:06.0194 0x1130 BrUsbMdm - ok
09:38:06.0210 0x1130 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:38:06.0210 0x1130 BrUsbSer - ok
09:38:06.0241 0x1130 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:38:06.0257 0x1130 BTHMODEM - ok
09:38:06.0304 0x1130 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
09:38:06.0319 0x1130 bthserv - ok
09:38:06.0366 0x1130 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:38:06.0382 0x1130 cdfs - ok
09:38:06.0428 0x1130 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:38:06.0428 0x1130 cdrom - ok
09:38:06.0491 0x1130 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
09:38:06.0506 0x1130 CertPropSvc - ok
09:38:06.0569 0x1130 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
09:38:06.0569 0x1130 circlass - ok
09:38:06.0631 0x1130 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
09:38:06.0694 0x1130 CLFS - ok
09:38:06.0787 0x1130 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:38:06.0787 0x1130 clr_optimization_v2.0.50727_32 - ok
09:38:06.0834 0x1130 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:38:06.0834 0x1130 clr_optimization_v2.0.50727_64 - ok
09:38:06.0943 0x1130 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:38:06.0959 0x1130 clr_optimization_v4.0.30319_32 - ok
09:38:07.0006 0x1130 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:38:07.0006 0x1130 clr_optimization_v4.0.30319_64 - ok
09:38:07.0052 0x1130 [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
09:38:07.0052 0x1130 clwvd - ok
09:38:07.0084 0x1130 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
09:38:07.0099 0x1130 CmBatt - ok
09:38:07.0130 0x1130 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:38:07.0130 0x1130 cmdide - ok
09:38:07.0208 0x1130 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
09:38:07.0255 0x1130 CNG - ok
09:38:07.0333 0x1130 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:38:07.0333 0x1130 Compbatt - ok
09:38:07.0380 0x1130 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:38:07.0380 0x1130 CompositeBus - ok
09:38:07.0396 0x1130 COMSysApp - ok
09:38:07.0427 0x1130 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:38:07.0442 0x1130 crcdisk - ok
09:38:07.0505 0x1130 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:38:07.0520 0x1130 CryptSvc - ok
09:38:07.0708 0x1130 [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
09:38:07.0786 0x1130 cvhsvc - ok
09:38:07.0864 0x1130 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:38:07.0910 0x1130 DcomLaunch - ok
09:38:07.0973 0x1130 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
09:38:08.0004 0x1130 defragsvc - ok
09:38:08.0035 0x1130 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:38:08.0051 0x1130 DfsC - ok
09:38:08.0098 0x1130 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:38:08.0129 0x1130 Dhcp - ok
09:38:08.0285 0x1130 [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll
09:38:08.0394 0x1130 DiagTrack - ok
09:38:08.0441 0x1130 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
09:38:08.0441 0x1130 discache - ok
09:38:08.0472 0x1130 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
09:38:08.0488 0x1130 Disk - ok
09:38:08.0534 0x1130 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:38:08.0566 0x1130 Dnscache - ok
09:38:08.0612 0x1130 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
09:38:08.0659 0x1130 dot3svc - ok
09:38:08.0675 0x1130 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
09:38:08.0706 0x1130 DPS - ok
09:38:08.0753 0x1130 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:38:08.0753 0x1130 drmkaud - ok
09:38:08.0878 0x1130 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:38:08.0956 0x1130 DXGKrnl - ok
09:38:09.0034 0x1130 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
09:38:09.0049 0x1130 EapHost - ok
09:38:09.0346 0x1130 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
09:38:09.0611 0x1130 ebdrv - ok
09:38:09.0673 0x1130 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] EFS C:\Windows\System32\lsass.exe
09:38:09.0673 0x1130 EFS - ok
09:38:09.0798 0x1130 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:38:09.0876 0x1130 ehRecvr - ok
09:38:09.0907 0x1130 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
09:38:09.0923 0x1130 ehSched - ok
09:38:09.0985 0x1130 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:38:10.0048 0x1130 elxstor - ok
09:38:10.0063 0x1130 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:38:10.0063 0x1130 ErrDev - ok
09:38:10.0172 0x1130 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
09:38:10.0204 0x1130 EventSystem - ok
09:38:10.0266 0x1130 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
09:38:10.0282 0x1130 exfat - ok
09:38:10.0313 0x1130 ezSharedSvc - ok
09:38:10.0344 0x1130 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:38:10.0375 0x1130 fastfat - ok
09:38:10.0484 0x1130 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
09:38:10.0562 0x1130 Fax - ok
09:38:10.0578 0x1130 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
09:38:10.0594 0x1130 fdc - ok
09:38:10.0609 0x1130 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
09:38:10.0625 0x1130 fdPHost - ok
09:38:10.0640 0x1130 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
09:38:10.0640 0x1130 FDResPub - ok
09:38:10.0687 0x1130 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:38:10.0703 0x1130 FileInfo - ok
09:38:10.0718 0x1130 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:38:10.0718 0x1130 Filetrace - ok
09:38:10.0734 0x1130 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:38:10.0750 0x1130 flpydisk - ok
09:38:10.0796 0x1130 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:38:10.0843 0x1130 FltMgr - ok
09:38:10.0968 0x1130 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll
09:38:11.0093 0x1130 FontCache - ok
09:38:11.0155 0x1130 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:38:11.0155 0x1130 FontCache3.0.0.0 - ok
09:38:11.0202 0x1130 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:38:11.0218 0x1130 FsDepends - ok
09:38:11.0249 0x1130 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:38:11.0249 0x1130 Fs_Rec - ok
09:38:11.0296 0x1130 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:38:11.0311 0x1130 fvevol - ok
09:38:11.0374 0x1130 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:38:11.0374 0x1130 gagp30kx - ok
09:38:11.0467 0x1130 [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
09:38:11.0483 0x1130 GamesAppService - ok
09:38:11.0654 0x1130 [ 805DAC448BEBDA900BF5520AB27D9616, C0A2935C75EC4B3D860E68ABAE6756D6D4B31BA9AFD742FF9C0B6ED11BEFD163 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
09:38:11.0732 0x1130 Garmin Device Interaction Service - ok
09:38:11.0842 0x1130 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
09:38:11.0920 0x1130 gpsvc - ok
09:38:12.0029 0x1130 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:38:12.0044 0x1130 gupdate - ok
09:38:12.0076 0x1130 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:38:12.0076 0x1130 gupdatem - ok
09:38:12.0107 0x1130 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:38:12.0107 0x1130 hcw85cir - ok
09:38:12.0185 0x1130 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:38:12.0216 0x1130 HdAudAddService - ok
09:38:12.0263 0x1130 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:38:12.0263 0x1130 HDAudBus - ok
09:38:12.0294 0x1130 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:38:12.0294 0x1130 HidBatt - ok
09:38:12.0325 0x1130 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:38:12.0341 0x1130 HidBth - ok
09:38:12.0372 0x1130 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
09:38:12.0388 0x1130 HidIr - ok
09:38:12.0419 0x1130 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
09:38:12.0434 0x1130 hidserv - ok
09:38:12.0497 0x1130 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
09:38:12.0512 0x1130 HidUsb - ok
09:38:12.0559 0x1130 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:38:12.0575 0x1130 hkmsvc - ok
09:38:12.0622 0x1130 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:38:12.0653 0x1130 HomeGroupListener - ok
09:38:12.0715 0x1130 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:38:12.0746 0x1130 HomeGroupProvider - ok
09:38:12.0871 0x1130 [ 170233B8D743EFE35F462A5D516B93E3, 469CD3A5DE0CB6E7068F3670DA95FCF46544546AB72B1A508B3A3CA3B8598802 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:38:12.0887 0x1130 HP Support Assistant Service - ok
09:38:12.0965 0x1130 [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
09:38:12.0996 0x1130 HPClientSvc - ok
09:38:13.0121 0x1130 [ C5D2F308E1C12A5C328EF549696DBC05, 4BBDA3E0707854CC80FF8699A478D0D2AF18094B9F7EFB629B0CE4F890C44464 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
09:38:13.0214 0x1130 hpCMSrv - ok
09:38:13.0277 0x1130 [ D17F9E527F01770BD04A9223BC40EC22, 4EF549A1087524EE80EDEC0201DAE64842D934F94B44BBDC7AF808187926CD81 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:38:13.0308 0x1130 HPDrvMntSvc.exe - ok
09:38:13.0417 0x1130 [ 0955C23C041451FB4E7099D6B2CF1C06, AF63822F24865D8B549C1CF213602EBA605D87BEC1D6E2F769CFA598D0B00818 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:38:13.0511 0x1130 hpqwmiex - ok
09:38:13.0558 0x1130 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:38:13.0558 0x1130 HpSAMD - ok
09:38:13.0636 0x1130 [ 171000873EB522E5EA3DD4C4E0B689B2, 8F4B2C042B7391A009DED11C12AB5CEEB853944B92B9D6C676453DF258F87B9F ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
09:38:13.0636 0x1130 HPWMISVC - ok
09:38:13.0729 0x1130 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:38:13.0792 0x1130 HTTP - ok
09:38:13.0838 0x1130 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:38:13.0838 0x1130 hwpolicy - ok
09:38:13.0885 0x1130 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:38:13.0901 0x1130 i8042prt - ok
09:38:13.0979 0x1130 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:38:14.0041 0x1130 iaStorV - ok
09:38:14.0306 0x1130 [ 3A0FF117B4ADC5ABE4D968E26A337158, 95F4EB09158DD9B4927F71F83BE3A10DDD99C131C28D9683A7CCBB8C30769AB8 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
09:38:14.0509 0x1130 IconMan_R - ok
09:38:14.0618 0x1130 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:38:14.0696 0x1130 idsvc - ok
09:38:14.0774 0x1130 IEEtwCollectorService - ok
09:38:14.0790 0x1130 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:38:14.0806 0x1130 iirsp - ok
09:38:14.0899 0x1130 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
09:38:14.0977 0x1130 IKEEXT - ok
09:38:15.0024 0x1130 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
09:38:15.0040 0x1130 intelide - ok
09:38:15.0086 0x1130 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
09:38:15.0086 0x1130 intelppm - ok
09:38:15.0149 0x1130 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:38:15.0149 0x1130 IPBusEnum - ok
09:38:15.0180 0x1130 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:38:15.0196 0x1130 IpFilterDriver - ok
09:38:15.0274 0x1130 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:38:15.0336 0x1130 iphlpsvc - ok
09:38:15.0367 0x1130 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:38:15.0383 0x1130 IPMIDRV - ok
09:38:15.0430 0x1130 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:38:15.0430 0x1130 IPNAT - ok
09:38:15.0461 0x1130 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:38:15.0476 0x1130 IRENUM - ok
09:38:15.0492 0x1130 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:38:15.0492 0x1130 isapnp - ok
09:38:15.0554 0x1130 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:38:15.0586 0x1130 iScsiPrt - ok
09:38:15.0617 0x1130 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:38:15.0617 0x1130 kbdclass - ok
09:38:15.0632 0x1130 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:38:15.0648 0x1130 kbdhid - ok
09:38:15.0664 0x1130 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] KeyIso C:\Windows\system32\lsass.exe
09:38:15.0679 0x1130 KeyIso - ok
09:38:15.0710 0x1130 [ C0A6C3D6E02B61B5D100FE17306C276F, F57C7BCC39B30F1DF739D07B76BA18EB68D12D8D1BD13B6AC8DC712C29119495 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:38:15.0726 0x1130 KSecDD - ok
09:38:15.0773 0x1130 [ 7A7328E427694CC7244235C3BC299F80, 7FC2E1F3F93B3334C3A8961CA58B4F38524650F6D8DA9FFA1FB43E1A2B86B710 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:38:15.0788 0x1130 KSecPkg - ok
09:38:15.0820 0x1130 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:38:15.0820 0x1130 ksthunk - ok
09:38:15.0882 0x1130 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
09:38:15.0929 0x1130 KtmRm - ok
09:38:15.0991 0x1130 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:38:16.0038 0x1130 LanmanServer - ok
09:38:16.0085 0x1130 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:38:16.0116 0x1130 LanmanWorkstation - ok
09:38:16.0163 0x1130 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:38:16.0163 0x1130 lltdio - ok
09:38:16.0225 0x1130 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:38:16.0256 0x1130 lltdsvc - ok
09:38:16.0288 0x1130 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:38:16.0303 0x1130 lmhosts - ok
09:38:16.0334 0x1130 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:38:16.0350 0x1130 LSI_FC - ok
09:38:16.0397 0x1130 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:38:16.0397 0x1130 LSI_SAS - ok
09:38:16.0444 0x1130 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:38:16.0459 0x1130 LSI_SAS2 - ok
09:38:16.0490 0x1130 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:38:16.0522 0x1130 LSI_SCSI - ok
09:38:16.0553 0x1130 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
09:38:16.0568 0x1130 luafv - ok
09:38:16.0615 0x1130 MBAMSwissArmy - ok
09:38:16.0631 0x1130 MBAMWebAccessControl - ok
09:38:16.0678 0x1130 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:38:16.0693 0x1130 Mcx2Svc - ok
09:38:16.0724 0x1130 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
09:38:16.0740 0x1130 megasas - ok
09:38:16.0802 0x1130 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:38:16.0834 0x1130 MegaSR - ok
09:38:16.0880 0x1130 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
09:38:16.0896 0x1130 MMCSS - ok
09:38:16.0927 0x1130 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
09:38:16.0927 0x1130 Modem - ok
09:38:16.0943 0x1130 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:38:16.0943 0x1130 monitor - ok
09:38:16.0974 0x1130 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:38:16.0974 0x1130 mouclass - ok
09:38:17.0021 0x1130 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:38:17.0036 0x1130 mouhid - ok
09:38:17.0083 0x1130 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:38:17.0083 0x1130 mountmgr - ok
09:38:17.0130 0x1130 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
09:38:17.0146 0x1130 mpio - ok
09:38:17.0192 0x1130 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:38:17.0208 0x1130 mpsdrv - ok
09:38:17.0302 0x1130 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:38:17.0395 0x1130 MpsSvc - ok
09:38:17.0442 0x1130 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:38:17.0458 0x1130 MRxDAV - ok
09:38:17.0504 0x1130 [ 1877EB1495CFBDAB27D6A32F6DDF3818, 3818055C66AB12A335A905CFFE5D05347F15AE488861C5C183E62E8E0881DA86 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:38:17.0536 0x1130 mrxsmb - ok
09:38:17.0582 0x1130 [ 21AF322605D8C7F2A627C22634D1C9C9, 6B783F95D093FEFB260EA9568926BBB3CB8ED0783184DB3A18733E211933BADD ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:38:17.0614 0x1130 mrxsmb10 - ok
09:38:17.0645 0x1130 [ 45A03A0B6461EFBEE77E0A6AC2816EDA, CFB0C11387F2EC49FD6B69EF747962114EBA6F8B4B4DEC3627E9E969775C4D7E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:38:17.0645 0x1130 mrxsmb20 - ok
09:38:17.0692 0x1130 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
09:38:17.0692 0x1130 msahci - ok
09:38:17.0723 0x1130 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:38:17.0738 0x1130 msdsm - ok
09:38:17.0770 0x1130 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
09:38:17.0770 0x1130 MSDTC - ok
09:38:17.0832 0x1130 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:38:17.0832 0x1130 Msfs - ok
09:38:17.0848 0x1130 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:38:17.0848 0x1130 mshidkmdf - ok
09:38:17.0879 0x1130 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:38:17.0879 0x1130 msisadrv - ok
09:38:17.0941 0x1130 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:38:17.0941 0x1130 MSiSCSI - ok
09:38:17.0957 0x1130 msiserver - ok
09:38:18.0004 0x1130 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:38:18.0004 0x1130 MSKSSRV - ok
09:38:18.0035 0x1130 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:38:18.0035 0x1130 MSPCLOCK - ok
09:38:18.0050 0x1130 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:38:18.0050 0x1130 MSPQM - ok
09:38:18.0097 0x1130 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:38:18.0128 0x1130 MsRPC - ok
09:38:18.0175 0x1130 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:38:18.0175 0x1130 mssmbios - ok
09:38:18.0191 0x1130 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:38:18.0191 0x1130 MSTEE - ok
09:38:18.0238 0x1130 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:38:18.0253 0x1130 MTConfig - ok
09:38:18.0269 0x1130 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
09:38:18.0269 0x1130 Mup - ok
09:38:18.0347 0x1130 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
09:38:18.0394 0x1130 napagent - ok
09:38:18.0472 0x1130 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:38:18.0518 0x1130 NativeWifiP - ok
09:38:18.0628 0x1130 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
09:38:18.0690 0x1130 NDIS - ok
09:38:18.0721 0x1130 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:38:18.0721 0x1130 NdisCap - ok
09:38:18.0752 0x1130 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:38:18.0768 0x1130 NdisTapi - ok
09:38:18.0784 0x1130 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:38:18.0799 0x1130 Ndisuio - ok
09:38:18.0830 0x1130 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:38:18.0846 0x1130 NdisWan - ok
09:38:18.0877 0x1130 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:38:18.0877 0x1130 NDProxy - ok
09:38:18.0893 0x1130 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:38:18.0893 0x1130 NetBIOS - ok
09:38:18.0940 0x1130 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:38:18.0971 0x1130 NetBT - ok
09:38:18.0986 0x1130 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] Netlogon C:\Windows\system32\lsass.exe
09:38:19.0002 0x1130 Netlogon - ok
09:38:19.0064 0x1130 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
09:38:19.0111 0x1130 Netman - ok
09:38:19.0158 0x1130 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:19.0189 0x1130 NetMsmqActivator - ok
09:38:19.0236 0x1130 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:19.0236 0x1130 NetPipeActivator - ok
09:38:19.0314 0x1130 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
09:38:19.0376 0x1130 netprofm - ok
09:38:19.0548 0x1130 [ 8B5D2D7CB0EF5B1967860B8AB742A46C, 65B61FF5156D0EC0F95143FFBB0099F6F8B9CBB4CA4227F455884B8F51E93FB4 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
09:38:19.0657 0x1130 netr28x - ok
09:38:19.0704 0x1130 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:19.0720 0x1130 NetTcpActivator - ok
09:38:19.0751 0x1130 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:19.0751 0x1130 NetTcpPortSharing - ok
09:38:19.0798 0x1130 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:38:19.0813 0x1130 nfrd960 - ok
09:38:19.0876 0x1130 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
09:38:19.0907 0x1130 NlaSvc - ok
09:38:19.0938 0x1130 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:38:19.0938 0x1130 Npfs - ok
09:38:19.0985 0x1130 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
09:38:19.0985 0x1130 nsi - ok
09:38:20.0016 0x1130 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:38:20.0016 0x1130 nsiproxy - ok
09:38:20.0188 0x1130 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:38:20.0312 0x1130 Ntfs - ok
09:38:20.0344 0x1130 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
09:38:20.0344 0x1130 Null - ok
09:38:20.0390 0x1130 [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
09:38:20.0453 0x1130 NVENETFD - ok
09:38:20.0500 0x1130 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:38:20.0500 0x1130 nvraid - ok
09:38:20.0531 0x1130 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:38:20.0531 0x1130 nvstor - ok
09:38:20.0578 0x1130 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:38:20.0578 0x1130 nv_agp - ok
09:38:20.0624 0x1130 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:38:20.0624 0x1130 ohci1394 - ok
09:38:20.0687 0x1130 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:38:20.0702 0x1130 ose - ok
09:38:20.0968 0x1130 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:38:21.0155 0x1130 osppsvc - ok
09:38:21.0217 0x1130 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:38:21.0233 0x1130 p2pimsvc - ok
09:38:21.0264 0x1130 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
09:38:21.0295 0x1130 p2psvc - ok
09:38:21.0342 0x1130 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
09:38:21.0342 0x1130 Parport - ok
09:38:21.0373 0x1130 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:38:21.0389 0x1130 partmgr - ok
09:38:21.0436 0x1130 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:38:21.0436 0x1130 PcaSvc - ok
09:38:21.0467 0x1130 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
09:38:21.0467 0x1130 pci - ok
09:38:21.0498 0x1130 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
09:38:21.0498 0x1130 pciide - ok
09:38:21.0529 0x1130 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:38:21.0529 0x1130 pcmcia - ok
09:38:21.0560 0x1130 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
09:38:21.0576 0x1130 pcw - ok
09:38:21.0654 0x1130 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:38:21.0716 0x1130 PEAUTH - ok
09:38:21.0841 0x1130 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:38:21.0841 0x1130 PerfHost - ok
09:38:22.0028 0x1130 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
09:38:22.0153 0x1130 pla - ok
09:38:22.0231 0x1130 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:38:22.0278 0x1130 PlugPlay - ok
09:38:22.0294 0x1130 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:38:22.0309 0x1130 PNRPAutoReg - ok
09:38:22.0356 0x1130 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:38:22.0387 0x1130 PNRPsvc - ok
09:38:22.0465 0x1130 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:38:22.0512 0x1130 PolicyAgent - ok
09:38:22.0574 0x1130 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
09:38:22.0590 0x1130 Power - ok
09:38:22.0652 0x1130 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:38:22.0668 0x1130 PptpMiniport - ok
09:38:22.0684 0x1130 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
09:38:22.0699 0x1130 Processor - ok
09:38:22.0746 0x1130 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
09:38:22.0777 0x1130 ProfSvc - ok
09:38:22.0793 0x1130 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] ProtectedStorage C:\Windows\system32\lsass.exe
09:38:22.0808 0x1130 ProtectedStorage - ok
09:38:22.0840 0x1130 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:38:22.0855 0x1130 Psched - ok
09:38:23.0011 0x1130 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:38:23.0120 0x1130 ql2300 - ok
09:38:23.0183 0x1130 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:38:23.0183 0x1130 ql40xx - ok
09:38:23.0261 0x1130 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
09:38:23.0292 0x1130 QWAVE - ok
09:38:23.0323 0x1130 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:38:23.0339 0x1130 QWAVEdrv - ok
09:38:23.0354 0x1130 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:38:23.0370 0x1130 RasAcd - ok
09:38:23.0401 0x1130 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:38:23.0417 0x1130 RasAgileVpn - ok
09:38:23.0464 0x1130 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
09:38:23.0479 0x1130 RasAuto - ok
09:38:23.0510 0x1130 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:38:23.0526 0x1130 Rasl2tp - ok
09:38:23.0573 0x1130 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
09:38:23.0620 0x1130 RasMan - ok
09:38:23.0651 0x1130 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:38:23.0651 0x1130 RasPppoe - ok
09:38:23.0682 0x1130 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:38:23.0698 0x1130 RasSstp - ok
09:38:23.0776 0x1130 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:38:23.0791 0x1130 rdbss - ok
09:38:23.0822 0x1130 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
09:38:23.0822 0x1130 rdpbus - ok
09:38:23.0838 0x1130 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:38:23.0838 0x1130 RDPCDD - ok
09:38:23.0854 0x1130 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:38:23.0854 0x1130 RDPENCDD - ok
09:38:23.0885 0x1130 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:38:23.0885 0x1130 RDPREFMP - ok
09:38:23.0932 0x1130 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:38:23.0947 0x1130 RDPWD - ok
09:38:24.0010 0x1130 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:38:24.0025 0x1130 rdyboost - ok
09:38:24.0056 0x1130 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:38:24.0072 0x1130 RemoteAccess - ok
09:38:24.0103 0x1130 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:38:24.0119 0x1130 RemoteRegistry - ok
09:38:24.0181 0x1130 [ 085D18C71AB2611A3D61528132B6501E, 2AD2DD88EBD8C498E3043CDAA37E83C69F7FE2FD6B65524F631527555B80C112 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
09:38:24.0228 0x1130 RoxioNow Service - ok
09:38:24.0290 0x1130 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:38:24.0306 0x1130 RpcEptMapper - ok
09:38:24.0353 0x1130 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
09:38:24.0353 0x1130 RpcLocator - ok
09:38:24.0415 0x1130 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
09:38:24.0462 0x1130 RpcSs - ok
09:38:24.0556 0x1130 [ CFDFD15D2D26BB50B6F4BF2D4FE6FA70, 5764E6077DDF1FA5F6188C5EA1C2ED41FD1051D53231E17E5D64756EBA295126 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
09:38:24.0587 0x1130 RSPCIESTOR - ok
09:38:24.0649 0x1130 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:38:24.0649 0x1130 rspndr - ok
09:38:24.0712 0x1130 [ 3372196F61AF48503656EF6AA3E92D1B, 47816E28E9DE9F9698A47D7C7782D2F9E62D51A7BC92F91F2B23F818C61F2020 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
09:38:24.0758 0x1130 RTL8167 - ok
09:38:24.0790 0x1130 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] SamSs C:\Windows\system32\lsass.exe
09:38:24.0790 0x1130 SamSs - ok
09:38:24.0821 0x1130 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:38:24.0836 0x1130 sbp2port - ok
09:38:24.0883 0x1130 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:38:24.0914 0x1130 SCardSvr - ok
09:38:24.0930 0x1130 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:38:24.0946 0x1130 scfilter - ok
09:38:25.0039 0x1130 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
09:38:25.0148 0x1130 Schedule - ok
09:38:25.0211 0x1130 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:38:25.0211 0x1130 SCPolicySvc - ok
09:38:25.0304 0x1130 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
09:38:25.0304 0x1130 sdbus - ok
09:38:25.0367 0x1130 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:38:25.0382 0x1130 SDRSVC - ok
09:38:25.0429 0x1130 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:38:25.0445 0x1130 secdrv - ok
09:38:25.0460 0x1130 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
09:38:25.0476 0x1130 seclogon - ok
09:38:25.0492 0x1130 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
09:38:25.0507 0x1130 SENS - ok
09:38:25.0523 0x1130 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:38:25.0538 0x1130 SensrSvc - ok
09:38:25.0554 0x1130 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
09:38:25.0570 0x1130 Serenum - ok
09:38:25.0601 0x1130 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
09:38:25.0601 0x1130 Serial - ok
09:38:25.0648 0x1130 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:38:25.0663 0x1130 sermouse - ok
09:38:25.0726 0x1130 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
09:38:25.0741 0x1130 SessionEnv - ok
09:38:25.0772 0x1130 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:38:25.0772 0x1130 sffdisk - ok
09:38:25.0804 0x1130 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:38:25.0804 0x1130 sffp_mmc - ok
09:38:25.0819 0x1130 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:38:25.0819 0x1130 sffp_sd - ok
09:38:25.0866 0x1130 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:38:25.0866 0x1130 sfloppy - ok
09:38:25.0960 0x1130 [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
09:38:26.0038 0x1130 Sftfs - ok
09:38:26.0178 0x1130 [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
09:38:26.0209 0x1130 sftlist - ok
09:38:26.0256 0x1130 [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
09:38:26.0303 0x1130 Sftplay - ok
09:38:26.0318 0x1130 [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
09:38:26.0334 0x1130 Sftredir - ok
09:38:26.0365 0x1130 [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
09:38:26.0381 0x1130 Sftvol - ok
09:38:26.0428 0x1130 [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
09:38:26.0459 0x1130 sftvsa - ok
09:38:26.0537 0x1130 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:38:26.0584 0x1130 SharedAccess - ok
09:38:26.0630 0x1130 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:38:26.0646 0x1130 ShellHWDetection - ok
09:38:26.0693 0x1130 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:38:26.0693 0x1130 SiSRaid2 - ok
09:38:26.0724 0x1130 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:38:26.0740 0x1130 SiSRaid4 - ok
09:38:26.0833 0x1130 [ 0B70786BD1062CD4C6B58E412B9C3E55, 60ED027642FFF97BFFA55AE3EFFCCBB6D6AD8196D35E9ED06F9AF431E3C0402A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:38:26.0849 0x1130 SkypeUpdate - ok
09:38:26.0927 0x1130 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:38:26.0927 0x1130 Smb - ok
09:38:27.0005 0x1130 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:38:27.0020 0x1130 SNMPTRAP - ok
09:38:27.0036 0x1130 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
09:38:27.0036 0x1130 spldr - ok
09:38:27.0114 0x1130 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
09:38:27.0176 0x1130 Spooler - ok
09:38:27.0551 0x1130 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
09:38:27.0847 0x1130 sppsvc - ok
09:38:27.0878 0x1130 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:38:27.0894 0x1130 sppuinotify - ok
09:38:27.0972 0x1130 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:38:28.0019 0x1130 srv - ok
09:38:28.0066 0x1130 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:38:28.0112 0x1130 srv2 - ok
09:38:28.0175 0x1130 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:38:28.0206 0x1130 SrvHsfHDA - ok
09:38:28.0346 0x1130 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:38:28.0424 0x1130 SrvHsfV92 - ok
09:38:28.0487 0x1130 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:38:28.0534 0x1130 SrvHsfWinac - ok
09:38:28.0580 0x1130 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:38:28.0612 0x1130 srvnet - ok
09:38:28.0674 0x1130 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:38:28.0705 0x1130 SSDPSRV - ok
09:38:28.0721 0x1130 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:38:28.0736 0x1130 SstpSvc - ok
09:38:28.0877 0x1130 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0, AD540FB4F300731DE403FB95F110A0F3DBA25917A91EAB23966286DD88C98D17 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
09:38:28.0908 0x1130 STacSV - ok
09:38:28.0939 0x1130 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:38:28.0939 0x1130 stexstor - ok
09:38:29.0017 0x1130 [ EBA98394A7D58F7552C52192BD8FA7E6, 4238870E50132E87772300058B37E36973695CC1A5E62117EEF4B424C6A137E4 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
09:38:29.0080 0x1130 STHDA - ok
09:38:29.0189 0x1130 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
09:38:29.0251 0x1130 stisvc - ok
09:38:29.0329 0x1130 [ D506A2433E66CB0C6173697566047567, BB80723C850C93648BC10C392DFDE66A60F46357A40BAC35BC2BBBD243FA960B ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
09:38:29.0329 0x1130 SWDUMon - ok
09:38:29.0345 0x1130 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
09:38:29.0360 0x1130 swenum - ok
09:38:29.0438 0x1130 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
09:38:29.0501 0x1130 swprv - ok
09:38:29.0704 0x1130 [ C447977ED2A4AE9346FE3A0579A34D7C, 35A8F13AAB57549BBC1457AD86F44FEF2394E55841A1D6D6C5E029310E02F377 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:38:29.0828 0x1130 SynTP - ok
09:38:30.0016 0x1130 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
09:38:30.0172 0x1130 SysMain - ok
09:38:30.0250 0x1130 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:38:30.0265 0x1130 TabletInputService - ok
09:38:30.0312 0x1130 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
09:38:30.0359 0x1130 TapiSrv - ok
09:38:30.0390 0x1130 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
09:38:30.0406 0x1130 TBS - ok
09:38:30.0640 0x1130 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:38:30.0811 0x1130 Tcpip - ok
09:38:31.0014 0x1130 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:38:31.0139 0x1130 TCPIP6 - ok
09:38:31.0201 0x1130 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:38:31.0201 0x1130 tcpipreg - ok
09:38:31.0232 0x1130 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:38:31.0232 0x1130 TDPIPE - ok
09:38:31.0264 0x1130 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:38:31.0264 0x1130 TDTCP - ok
09:38:31.0310 0x1130 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:38:31.0310 0x1130 tdx - ok
09:38:31.0342 0x1130 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
09:38:31.0342 0x1130 TermDD - ok
09:38:31.0435 0x1130 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
09:38:31.0513 0x1130 TermService - ok
09:38:31.0560 0x1130 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
09:38:31.0591 0x1130 Themes - ok
09:38:31.0622 0x1130 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
09:38:31.0638 0x1130 THREADORDER - ok
09:38:31.0669 0x1130 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
09:38:31.0700 0x1130 TrkWks - ok
09:38:31.0763 0x1130 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:38:31.0794 0x1130 TrustedInstaller - ok
09:38:31.0841 0x1130 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:38:31.0841 0x1130 tssecsrv - ok
09:38:31.0888 0x1130 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:38:31.0903 0x1130 TsUsbFlt - ok
09:38:31.0934 0x1130 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:38:31.0950 0x1130 TsUsbGD - ok
09:38:31.0981 0x1130 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:38:31.0981 0x1130 tunnel - ok
09:38:32.0012 0x1130 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:38:32.0028 0x1130 uagp35 - ok
09:38:32.0059 0x1130 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:38:32.0090 0x1130 udfs - ok
09:38:32.0137 0x1130 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:38:32.0153 0x1130 UI0Detect - ok
09:38:32.0200 0x1130 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:38:32.0200 0x1130 uliagpkx - ok
09:38:32.0246 0x1130 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:38:32.0246 0x1130 umbus - ok
09:38:32.0293 0x1130 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
09:38:32.0293 0x1130 UmPass - ok
09:38:32.0340 0x1130 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
09:38:32.0387 0x1130 upnphost - ok
09:38:32.0449 0x1130 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:38:32.0465 0x1130 usbccgp - ok
09:38:32.0512 0x1130 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:38:32.0512 0x1130 usbcir - ok
09:38:32.0558 0x1130 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:38:32.0574 0x1130 usbehci - ok
09:38:32.0605 0x1130 [ 76E2FFAD301490BA27B947C6507752FB, A4C6FC5C3BF428C624D0792873CB01C8F16F49B0E8B36422025A1094F0AAE231 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
09:38:32.0605 0x1130 usbfilter - ok
09:38:32.0652 0x1130 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:38:32.0683 0x1130 usbhub - ok
09:38:32.0714 0x1130 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:38:32.0714 0x1130 usbohci - ok
09:38:32.0761 0x1130 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:38:32.0777 0x1130 usbprint - ok
09:38:32.0824 0x1130 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:38:32.0839 0x1130 usbscan - ok
09:38:32.0886 0x1130 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:38:32.0902 0x1130 USBSTOR - ok
09:38:32.0933 0x1130 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:38:32.0933 0x1130 usbuhci - ok
09:38:32.0995 0x1130 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:38:33.0011 0x1130 usbvideo - ok
09:38:33.0073 0x1130 [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
09:38:33.0073 0x1130 usb_rndisx - ok
09:38:33.0104 0x1130 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
09:38:33.0120 0x1130 UxSms - ok
09:38:33.0151 0x1130 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] VaultSvc C:\Windows\system32\lsass.exe
09:38:33.0167 0x1130 VaultSvc - ok
09:38:33.0260 0x1130 VBoxAswDrv - ok
09:38:33.0276 0x1130 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:38:33.0292 0x1130 vdrvroot - ok
09:38:33.0370 0x1130 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
09:38:33.0432 0x1130 vds - ok
09:38:33.0463 0x1130 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:38:33.0463 0x1130 vga - ok
09:38:33.0494 0x1130 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:38:33.0494 0x1130 VgaSave - ok
09:38:33.0557 0x1130 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:38:33.0572 0x1130 vhdmp - ok
09:38:33.0619 0x1130 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
09:38:33.0619 0x1130 viaide - ok
09:38:33.0650 0x1130 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:38:33.0650 0x1130 volmgr - ok
09:38:33.0682 0x1130 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:38:33.0713 0x1130 volmgrx - ok
09:38:33.0760 0x1130 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:38:33.0791 0x1130 volsnap - ok
09:38:33.0838 0x1130 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:38:33.0853 0x1130 vsmraid - ok
09:38:34.0009 0x1130 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
09:38:34.0150 0x1130 VSS - ok
09:38:34.0196 0x1130 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:38:34.0196 0x1130 vwifibus - ok
09:38:34.0212 0x1130 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:38:34.0228 0x1130 vwififlt - ok
09:38:34.0259 0x1130 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:38:34.0274 0x1130 vwifimp - ok
09:38:34.0337 0x1130 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
09:38:34.0384 0x1130 W32Time - ok
09:38:34.0446 0x1130 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:38:34.0446 0x1130 WacomPen - ok
09:38:34.0493 0x1130 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:38:34.0493 0x1130 WANARP - ok
09:38:34.0508 0x1130 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:38:34.0524 0x1130 Wanarpv6 - ok
09:38:34.0680 0x1130 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:38:34.0774 0x1130 WatAdminSvc - ok
09:38:34.0945 0x1130 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
09:38:35.0086 0x1130 wbengine - ok
09:38:35.0148 0x1130 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:38:35.0195 0x1130 WbioSrvc - ok
09:38:35.0257 0x1130 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:38:35.0304 0x1130 wcncsvc - ok
09:38:35.0320 0x1130 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:38:35.0351 0x1130 WcsPlugInService - ok
09:38:35.0398 0x1130 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
09:38:35.0398 0x1130 Wd - ok
09:38:35.0491 0x1130 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:38:35.0569 0x1130 Wdf01000 - ok
09:38:35.0632 0x1130 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:38:35.0647 0x1130 WdiServiceHost - ok
09:38:35.0663 0x1130 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:38:35.0679 0x1130 WdiSystemHost - ok
09:38:35.0741 0x1130 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
09:38:35.0772 0x1130 WebClient - ok
09:38:35.0819 0x1130 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:38:35.0866 0x1130 Wecsvc - ok
09:38:35.0881 0x1130 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:38:35.0913 0x1130 wercplsupport - ok
09:38:35.0944 0x1130 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
09:38:35.0959 0x1130 WerSvc - ok
09:38:36.0006 0x1130 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:38:36.0022 0x1130 WfpLwf - ok
09:38:36.0037 0x1130 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:38:36.0037 0x1130 WIMMount - ok
09:38:36.0069 0x1130 WinDefend - ok
09:38:36.0100 0x1130 WinHttpAutoProxySvc - ok
09:38:36.0178 0x1130 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:38:36.0209 0x1130 Winmgmt - ok
09:38:36.0427 0x1130 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
09:38:36.0599 0x1130 WinRM - ok
09:38:36.0708 0x1130 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
09:38:36.0708 0x1130 WinUsb - ok
09:38:36.0817 0x1130 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:38:36.0895 0x1130 Wlansvc - ok
09:38:36.0973 0x1130 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:38:36.0973 0x1130 wlcrasvc - ok
09:38:37.0207 0x1130 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:38:37.0395 0x1130 wlidsvc - ok
09:38:37.0441 0x1130 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:38:37.0457 0x1130 WmiAcpi - ok
09:38:37.0519 0x1130 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:38:37.0551 0x1130 wmiApSrv - ok
09:38:37.0582 0x1130 WMPNetworkSvc - ok
09:38:37.0629 0x1130 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:38:37.0629 0x1130 WPCSvc - ok
09:38:37.0660 0x1130 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:38:37.0691 0x1130 WPDBusEnum - ok
09:38:37.0722 0x1130 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:38:37.0738 0x1130 ws2ifsl - ok
09:38:37.0753 0x1130 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
09:38:37.0785 0x1130 wscsvc - ok
09:38:37.0800 0x1130 WSearch - ok
09:38:38.0034 0x1130 [ AA3E844A2595B1AA5825C70CA50D963E, F9C7D64D9563CA5167EC9B0D957473B55C02E9456E041AE2CDA6ABFA9641D176 ] wuauserv C:\Windows\system32\wuaueng.dll
09:38:38.0253 0x1130 wuauserv - ok
09:38:38.0299 0x1130 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:38:38.0299 0x1130 WudfPf - ok
09:38:38.0362 0x1130 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:38:38.0377 0x1130 WUDFRd - ok
09:38:38.0424 0x1130 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:38:38.0455 0x1130 wudfsvc - ok
09:38:38.0518 0x1130 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
09:38:38.0565 0x1130 WwanSvc - ok
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 22nd, 2015, 12:48 pm

Gary- This is the 2nd part of the TDDSKiller log. Thanx.


09:38:38.0627 0x1130 ================ Scan global ===============================
09:38:38.0658 0x1130 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:38:38.0721 0x1130 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
09:38:38.0799 0x1130 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
09:38:38.0861 0x1130 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:38:38.0923 0x1130 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
09:38:38.0970 0x1130 [ Global ] - ok
09:38:38.0970 0x1130 ================ Scan MBR ==================================
09:38:38.0986 0x1130 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:38:39.0360 0x1130 \Device\Harddisk0\DR0 - ok
09:38:39.0376 0x1130 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR3
09:38:39.0376 0x1130 \Device\Harddisk1\DR3 - ok
09:38:39.0376 0x1130 ================ Scan VBR ==================================
09:38:39.0391 0x1130 [ 5BE6844E85B3DE453475AF5F1593DBAE ] \Device\Harddisk0\DR0\Partition1
09:38:39.0391 0x1130 \Device\Harddisk0\DR0\Partition1 - ok
09:38:39.0407 0x1130 [ 9C8ACB6E6347BC8FC512825B8A8A3FF1 ] \Device\Harddisk0\DR0\Partition2
09:38:39.0407 0x1130 \Device\Harddisk0\DR0\Partition2 - ok
09:38:39.0407 0x1130 [ 6949E474556DE81D3618B9CFDBE953F0 ] \Device\Harddisk0\DR0\Partition3
09:38:39.0423 0x1130 \Device\Harddisk0\DR0\Partition3 - ok
09:38:39.0423 0x1130 [ 34B63E320FA6540B3DCF589E887F43B5 ] \Device\Harddisk0\DR0\Partition4
09:38:39.0423 0x1130 \Device\Harddisk0\DR0\Partition4 - ok
09:38:39.0438 0x1130 [ 4AC09DC11F6BD3B54CDEA91DE1657CD3 ] \Device\Harddisk1\DR3\Partition1
09:38:39.0438 0x1130 \Device\Harddisk1\DR3\Partition1 - ok
09:38:39.0454 0x1130 ================ Scan generic autorun ======================
09:38:39.0454 0x1130 SynTPEnh - ok
09:38:39.0547 0x1130 [ D5A3EB5ED95E36B643E55F9F489FC8FC, 9DAE0075888E540659E6FC3FAB433108BF296CDF52DA11ECA4440E06E5187ED1 ] C:\Program Files\IDT\WDM\sttray64.exe
09:38:39.0641 0x1130 SysTrayApp - ok
09:38:39.0688 0x1130 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
09:38:39.0688 0x1130 Logitech Download Assistant - ok
09:38:39.0797 0x1130 [ 8C6F1392E80D9185399C7B8694EDC2AA, 0DB223C4F858C809D2746354B3EF605D8955B758AE58CB7AC0891A7B63ED1639 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
09:38:39.0844 0x1130 StartCCC - ok
09:38:39.0922 0x1130 [ D6CBDEA24FE913664FA65EAF92EE1222, 882A745BF50AAFB6126AEA00DFD0869EC3EC7E20C70164114C49D2E57600F740 ] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
09:38:39.0937 0x1130 HPConnectionManager - ok
09:38:40.0078 0x1130 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:38:40.0171 0x1130 Sidebar - ok
09:38:40.0218 0x1130 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:38:40.0218 0x1130 mctadmin - ok
09:38:40.0327 0x1130 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:38:40.0390 0x1130 Sidebar - ok
09:38:40.0421 0x1130 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:38:40.0437 0x1130 mctadmin - ok
09:38:40.0499 0x1130 GarminExpressTrayApp - ok
09:38:40.0499 0x1130 Waiting for KSN requests completion. In queue: 79
09:38:41.0513 0x1130 Waiting for KSN requests completion. In queue: 79
09:38:42.0527 0x1130 Waiting for KSN requests completion. In queue: 79
09:38:43.0666 0x1130 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
09:38:43.0681 0x1130 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41010 ( enabled )
09:38:46.0661 0x1130 ============================================================
09:38:46.0661 0x1130 Scan finished
09:38:46.0661 0x1130 ============================================================
09:38:46.0677 0x19cc Detected object count: 0
09:38:46.0677 0x19cc Actual detected object count: 0
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby Gary R » July 22nd, 2015, 1:24 pm

Looks like Avast caught your rootkit before it had time to establish itself. So all we need to do is a little housekeeping.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Search App by Ask


Reboot your computer once they're all uninstalled.

Old outdated versions of Java can be (and usually are) exploited. If you have Java installed, it is critical that you keep it updated to the latest version, and ensure that all earlier versions are removed.

To be honest, most people don't need to have Java installed, as very few websites use it these days. Do not mistake Java for Javascript, which is something entirely different, and used by almost every website. I haven't had Java on my machine for nearly 2 years now, and I can't remember the last site that needed me to have it.

If however you do have a need for it, then download and install the latest version ... https://java.com/en/download/

Next ...

Question .... Do you know why the following ports have been enabled in your firewall ?????

Port=2869
Port=1900


Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
Toolbar: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2015-07-03 22:02 - 2015-07-03 22:02 - 00000000 ____D C:\Users\carol\AppData\Local\{6A9094BF-F3E2-4167-95C0-A96A7545C1E7}
2015-06-29 23:37 - 2015-06-29 23:37 - 00000000 ____D C:\Users\carol\AppData\Local\{718B5B7A-7BE9-4CBD-A034-6F8D40A52977}
2015-06-23 11:35 - 2015-06-23 11:35 - 00000000 ____D C:\Users\carol\AppData\Local\{CADD1C42-3BC2-40FB-BDAD-6A4583A1EE5C}
C:\Users\carol\AppData\Local\Temp\APNSetup.exe
C:\Users\carol\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplqaukl.dll
C:\Users\carol\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\carol\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\carol\AppData\Local\Temp\jre-8u31-windows-au.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_2531AC9A-BD61-11E3-A6C2-78E3B550176D.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q= {SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-14]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-14]
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • Please answer the question about the 2 ports in your firewall
  • Please post me fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 23rd, 2015, 1:03 am

Hi Gary- Thanx again for all your help. I uninstalled the items as requested...it wouldn't do it until I closed out Chrome, is that standard for uninstalling things? I am a novice at all this.

I don't know anything about ports and firewalls, but the phrase itself makes me think it's bad to have open ports in my firewall, right? I have no idea why they are there or how they got there.

Below is the "fixlog.txt" that you requested.

Just out of curiosity, when I rebooted after the 'fix' as directed, when the laptop went thru startup it looked normal for the first 30 secs or so (blue start-up screen) but then it went black with only the white cursor arrow showing for about 60 secs. Was that normal?

Thanx a million times for all your help; you folks and your website are amazing, and a Godsend for sure ;-)



Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by carol at 2015-07-22 21:44:22 Run:1
Running from C:\Users\carol\Downloads
Loaded Profiles: carol (Available Profiles: carol)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Toolbar: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2015-07-03 22:02 - 2015-07-03 22:02 - 00000000 ____D C:\Users\carol\AppData\Local\{6A9094BF-F3E2-4167-95C0-A96A7545C1E7}
2015-06-29 23:37 - 2015-06-29 23:37 - 00000000 ____D C:\Users\carol\AppData\Local\{718B5B7A-7BE9-4CBD-A034-6F8D40A52977}
2015-06-23 11:35 - 2015-06-23 11:35 - 00000000 ____D C:\Users\carol\AppData\Local\{CADD1C42-3BC2-40FB-BDAD-6A4583A1EE5C}
C:\Users\carol\AppData\Local\Temp\APNSetup.exe
C:\Users\carol\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplqaukl.dll
C:\Users\carol\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\carol\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\carol\AppData\Local\Temp\jre-8u31-windows-au.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_2531AC9A-BD61-11E3-A6C2-78E3B550176D.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q= {searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-71845956-64373784-659071831-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q= {SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-14]
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-02-14]
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
*****************

HKU\S-1-5-21-71845956-64373784-659071831-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Users\carol\AppData\Local\{6A9094BF-F3E2-4167-95C0-A96A7545C1E7} => moved successfully.
C:\Users\carol\AppData\Local\{718B5B7A-7BE9-4CBD-A034-6F8D40A52977} => moved successfully.
C:\Users\carol\AppData\Local\{CADD1C42-3BC2-40FB-BDAD-6A4583A1EE5C} => moved successfully.
C:\Users\carol\AppData\Local\Temp\APNSetup.exe => moved successfully.
"C:\Users\carol\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplqaukl.dll" => File/Folder not found.
C:\Users\carol\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => moved successfully.
C:\Users\carol\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => moved successfully.
C:\Users\carol\AppData\Local\Temp\jre-8u31-windows-au.exe => moved successfully.
C:\Windows\Tasks\RegCure Pro_sch_2531AC9A-BD61-11E3-A6C2-78E3B550176D.job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-71845956-64373784-659071831-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-71845956-64373784-659071831-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => key not found.
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx" => File/Folder not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => key not found.
"C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 1.3 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:45:19 ====
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby Gary R » July 23rd, 2015, 4:04 am

Yes, having open ports in your Firewall is a "vulnerability" that could potentially be exploited.

In this case one of the ports is a "listening" port used by Universal plug n play devices, so I think it's probably OK to leave it as it is, but the other port is not usually used by anything, so I think it's probably best that we close it. We can always open it again if closing it causes one of your legitimate programs to have problems connecting to the internet.

To do that ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
FirewallRules: [{E6978A87-05A2-4ABB-8BA7-4970B20A55DA}] => (Allow) LPort=2869

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


As far as your "problem" on bootup goes, it's normal to have an abnormal boot the first time after a fix, since many of the items scripted for removal can only be removed at bootup.

Try booting up again, and if you have any abnormal behaviour on any subsequent boots, then please let me know.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 23rd, 2015, 10:17 am

Good Morning Gary :-) Here is the most recent 'fixlist' log.

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by carol at 2015-07-23 07:00:08 Run:2
Running from C:\Users\carol\Downloads
Loaded Profiles: carol (Available Profiles: carol)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FirewallRules: [{E6978A87-05A2-4ABB-8BA7-4970B20A55DA}] => (Allow) LPort=2869
*****************

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6978A87-05A2-4ABB-8BA7-4970B20A55DA} => value removed successfully

==== End of Fixlog 07:00:08 ====


So then, I'm assuming I am good to go? Everything is running smoothly now, even the little circle thing that spins while I'm waiting for something to open up spins MUCH faster now. You are amazing. Before I sign off, may I ask a few questions? I saw a lot of Dropbox entries in a log and the program pops up often...Dropbox is a sharing photos thing right? I'm not really sure how it works but if I put something (photos) in it it is out there for the world to have access to? Should/can I get rid of it? Or is it a better place to store pics than on my pc because I won't lose them in a pc crash?
Next question....are you allowed to make recommendations on how to keep my pc grime free? It seems like crud builds up real fast and simply deleting temp internet files doesn't do much good; things still build up. And are you allowed to talk about virus/malware protection? I have used various programs and most seem to bog this thing down and I've had some that interfere with one another and that is no good at all, and some pretty much put the pc on hold while they scan and some scans take forever. Any thoughts form your end would be much appreciated but I'd understand if you can't say anything.

Once again, THANX!!!!! Have a great day and a fabulous weekend :-)
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 23rd, 2015, 10:18 am

Oh, I forgot to ask....should I delete all the logs and downloads that we just put on this thing?
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby Gary R » July 23rd, 2015, 11:00 am

OK, in answer to some of your questions, now that we're finished it's time to remove the programs we've been using to clean your machine (and their attendant log files) ...

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes ...
    • Remove disinfection tools

    ... then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

As far as cleaning away your temp files etc. on a regular basis, I usually use the free version of ... CCleaner ... to clean temp files from my computer.

Just be sure when you install it to uncheck whatever pre-checked "bundled addition" that it comes with these days, and don't use the Registry option to clean your Registry, since like all registry cleaners it will do nothing to improve the performance of your machine, and could well cause damage (even if it doesn't intend to).

As for whether to keep drop-box or not, well really that's up to you. If you want to share your photos with others, then it's a perfectly good service, I use something similar at Photobucket, however if all you're wanting to do is back up your photos in case your computer crashes, then there's few things safer than making copies of them and saving them to an external drive.

A 32GByte Flash drive can cost as little as $10 these days, and a 320GByte plug-in drive can be picked up for about $35, so they're not particularly expensive.

Hope that's answered all your questions, if you have any more I'll be happy to answer them if I can.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Win32:rootkit-gen found, vaulted, is my pc safe now?

Unread postby carolb » July 23rd, 2015, 11:09 am

Hi Gary- Here is the log you requested. Everything seems fine so far and again I thank-you for your patience in helping me. If I do need more help, can I reach you directly or do I use the forum thing again? Have a super day :-)

# DelFix v1.010 - Logfile created 23/07/2015 at 08:07:01
# Updated 26/04/2015 by Xplode
# Username : carol - CAROL-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\RegBackup
Deleted : C:\TDSSKiller.3.0.0.44_22.07.2015_09.37.17_log.txt
Deleted : C:\Users\carol\Desktop\dds.txt
Deleted : C:\Users\carol\Downloads\Addition.txt
Deleted : C:\Users\carol\Downloads\dds.scr
Deleted : C:\Users\carol\Downloads\Fixlog.txt
Deleted : C:\Users\carol\Downloads\FRST.txt
Deleted : C:\Users\carol\Downloads\FRST64 (1).exe
Deleted : C:\Users\carol\Downloads\FRST64 (2).exe
Deleted : C:\Users\carol\Downloads\FRST64.exe
Deleted : C:\Users\carol\Downloads\tdsskiller.exe

########## - EOF - ##########
carolb
Active Member
 
Posts: 12
Joined: July 21st, 2015, 12:46 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 23 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware