Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Fake player update @ Hulu got me, now I'm ridin' dirty.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 14th, 2014, 4:39 pm

Decided to kill a little time and play vidya gamez, finding nothing goin on there I read some MSN news. Heres a snippet of my history doing that, and coming back here to post about it, i got atleast 5 mini windows and or new tab pop ups just navigating back to the post reply window.


Today - Sunday, September 14, 2014
4:32 PM
McAfee Promotion
-promos.mcafee.com (POPUP)
4:32 PM
http://home.mcafee.com/root/campaign.as ... ull&ctst=1
-home.mcafee.com (POPUP)
4:31 PM
Topic - Fake player update @ Hulu got me, now I'm ridin' dirty.
-www.malwareremoval.com
4:31 PM
User Control Panel • Viewing user control panel - Information
-www.malwareremoval.com
4:31 PM
Watch Now
-www.yourmediahq.com (POPUP)
4:31 PM
Free Malware Removal Forum
-www.malwareremoval.com
4:30 PM
Fake player update @ Hulu got me, now I'm ridin' dirty. | Free Malware Removal Forum
-www.malwareremoval.com
4:30 PM
Loading....
-click.dealshark.com (POPUP)
4:30 PM
bidder.tlvmedia.com etc from fake "Flash Player Update" | Free Malware Removal Forum
-www.malwareremoval.com (my link in speed dial to get back to this forum)
4:27 PM
Ryan Watenpaugh dog - Bing
-www.bing.com
4:27 PM
MSN.com
-www.msn.com
4:26 PM
Statue of singer Amy Winehouse unveiled in London - MSN Music News
-music.msn.com
4:24 PM
Purifier
-purifier.cc (POPUP)
4:23 PM
http://news.msn.com/pop-culture/failed- ... s#image=19
-news.msn.com
4:19 PM
Loading....
-coreclickhoo.com (POPUP)
4:18 PM
Kanye stops concert to tell wheelchair-bound audience members to stand up - MSN Music News
-music.msn.com
4:16 PM
flix123 - Watch Movies Instantly Online
-flix123.com (POPUP)
4:15 PM
Survey
-annualconsumersurvey.com (POPUP)
4:15 PM
Loading....
-coreclickhoo.com (POPUP)
4:14 PM
Black actress Daniele Watts handcuffed by police after kissing white husband: report | Story | Wonderwall
-wonderwall.msn.com
4:06 PM
No Hassle Car Insurance Quotes
-www.cheapinsurance.com (POPUP)
4:06 PM
live window msn Survey
-annualconsumersurvey.com (POPUP)
4:06 PM
Loading....
-coreclickhoo.com (POPUP)
4:05 PM
10 things America stopped buying- MSN Money
-money.msn.com
3:36 PM
Charter Communications Customer Survey (POPUP)
-certified.systems
3:36 PM
Loading....
-coreclickhoo.com (POPUP)
3:34 PM
Feds chase treasure hunter turned fugitive
-news.msn.com


and im fairly sure only loaded pages/tabs show on the history, not pop bubbles, small window adverts.
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm
Advertisement
Register to Remove

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 15th, 2014, 1:22 pm

Hello misfit21ca,

Thank you thus far for your time and effort on my behalf. Thank you.
You are welcome, Joshua! :D But we are not finished yet...
Now for the deletion of user data in opera to reset it. Those instructions were easily completed but made me wonder should that be done for the other browsers on the computer. there is also internet exploder, and chrome. I mainly use Opera, used the chrome to watch netflix, and rarely ever use internet exploder. mostly only if I'm having trouble with a webpage in opera. So that brings me to downloading the tools again with the rebuilt opera.
There are a lot of Internet browsers - the first three of them (Internet Explorer - Microsoft main one, included to Windows system by default and non-alternative to use with Windows updates - not the best browser but popular; Chrome from Google; and FireFox from Mozilla) used in most cases by most of people in the world. It means that such browsers are more secured, fast, tested, etc.
The Opera, Safari, Onion, Dolphin, etc. are less popular and some how less useful - there are more often such cases when webpages have troubles with opening or processing.

To make the right decision about resetting Internet Explorer and Chrome, I need to know the situation with them regarding pop-ups. Please tell me...

In the meantime, let continue:

Step 1.
TDSSKiller - Rootkit Removal Tool Image
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator...".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click OK if changes were made.
  7. Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    DO NOT change the default actions, other than CURE to SKIP.
  8. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  9. A log will be created on your root drive (usually C:) drive. The log will have a name like Name.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  10. If no reboot is required, click on Report. A log file should appear.
  11. Please post the contents of the log file in your next reply

Step 2.
ZOEK Auto Clean
  1. First please Disable any Antivirus you have active, as shown in This topic.
    Note: Don't forget to re-enable it after the scan.
  2. Next please download zoek.exe and save it to your desktop.
  3. Close any open browsers.
  4. Right click on zoek.exe and select "Run as administrator..." to run it.
  5. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  6. Click the More Options button below the large panel and check the box:
    • Auto Clean
  7. Click on Run script button
  8. Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  9. Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. Contents of the zoek-results.log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 15th, 2014, 9:40 pm

18:49:14.0969 0x0294 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
18:49:26.0117 0x0294 ============================================================
18:49:26.0117 0x0294 Current date / time: 2014/09/15 18:49:26.0117
18:49:26.0117 0x0294 SystemInfo:
18:49:26.0117 0x0294
18:49:26.0117 0x0294 OS Version: 6.1.7601 ServicePack: 1.0
18:49:26.0117 0x0294 Product type: Workstation
18:49:26.0117 0x0294 ComputerName: 700GR
18:49:26.0119 0x0294 UserName: Joshua
18:49:26.0119 0x0294 Windows directory: C:\Windows
18:49:26.0119 0x0294 System windows directory: C:\Windows
18:49:26.0119 0x0294 Running under WOW64
18:49:26.0119 0x0294 Processor architecture: Intel x64
18:49:26.0119 0x0294 Number of processors: 2
18:49:26.0119 0x0294 Page size: 0x1000
18:49:26.0119 0x0294 Boot type: Normal boot
18:49:26.0119 0x0294 ============================================================
18:49:27.0707 0x0294 KLMD registered as C:\Windows\system32\drivers\82577931.sys
18:49:27.0897 0x0294 System UUID: {563A323C-96E6-56BA-4421-77DFB3E9A05C}
18:49:28.0541 0x0294 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:49:28.0563 0x0294 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:49:28.0754 0x0294 ============================================================
18:49:28.0754 0x0294 \Device\Harddisk0\DR0:
18:49:28.0754 0x0294 MBR partitions:
18:49:28.0754 0x0294 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEFFD800
18:49:28.0754 0x0294 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEFFE000, BlocksNum 0x2B387000
18:49:28.0754 0x0294 \Device\Harddisk1\DR1:
18:49:28.0754 0x0294 MBR partitions:
18:49:28.0754 0x0294 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
18:49:28.0754 0x0294 ============================================================
18:49:28.0775 0x0294 C: <-> \Device\Harddisk0\DR0\Partition2
18:49:28.0789 0x0294 D: <-> \Device\Harddisk0\DR0\Partition1
18:49:28.0796 0x0294 F: <-> \Device\Harddisk1\DR1\Partition1
18:49:28.0796 0x0294 ============================================================
18:49:28.0796 0x0294 Initialize success
18:49:28.0796 0x0294 ============================================================
18:50:20.0165 0x0dd8 ============================================================
18:50:20.0165 0x0dd8 Scan started
18:50:20.0165 0x0dd8 Mode: Manual;
18:50:20.0165 0x0dd8 ============================================================
18:50:20.0165 0x0dd8 KSN ping started
18:50:23.0487 0x0dd8 KSN ping finished: true
18:50:24.0314 0x0dd8 ================ Scan system memory ========================
18:50:24.0314 0x0dd8 System memory - ok
18:50:24.0314 0x0dd8 ================ Scan services =============================
18:50:24.0439 0x0dd8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:50:24.0439 0x0dd8 1394ohci - ok
18:50:24.0501 0x0dd8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:50:24.0517 0x0dd8 ACPI - ok
18:50:24.0533 0x0dd8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:50:24.0533 0x0dd8 AcpiPmi - ok
18:50:24.0626 0x0dd8 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:50:24.0626 0x0dd8 AdobeARMservice - ok
18:50:24.0704 0x0dd8 [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:50:24.0720 0x0dd8 AdobeFlashPlayerUpdateSvc - ok
18:50:24.0751 0x0dd8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:50:24.0767 0x0dd8 adp94xx - ok
18:50:24.0782 0x0dd8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:50:24.0798 0x0dd8 adpahci - ok
18:50:24.0813 0x0dd8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:50:24.0813 0x0dd8 adpu320 - ok
18:50:24.0845 0x0dd8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:50:24.0845 0x0dd8 AeLookupSvc - ok
18:50:24.0876 0x0dd8 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
18:50:24.0891 0x0dd8 AFD - ok
18:50:24.0907 0x0dd8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
18:50:24.0923 0x0dd8 agp440 - ok
18:50:24.0938 0x0dd8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
18:50:24.0938 0x0dd8 ALG - ok
18:50:24.0954 0x0dd8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
18:50:24.0954 0x0dd8 aliide - ok
18:50:24.0985 0x0dd8 [ D45D3540C5AE2A48C6112DF03F06F374, FEEA22BC629D2F25321293763BBB690959B7DFA2573B922C9D7F462DFEE52647 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:50:25.0001 0x0dd8 AMD External Events Utility - ok
18:50:25.0032 0x0dd8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
18:50:25.0032 0x0dd8 amdide - ok
18:50:25.0032 0x0dd8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:50:25.0047 0x0dd8 AmdK8 - ok
18:50:25.0422 0x0dd8 [ 5B871F3E4A4A6C4693A413E3138B51D0, 3A1C4595F72DA0A852043624E52B3BE87BBC4D1AFDD09624E3EAD328D0B78310 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:50:25.0781 0x0dd8 amdkmdag - ok
18:50:25.0843 0x0dd8 [ 9BE1140CE8D2C5E878F136A7B85D41B3, DF3CABB90CC36ADCB71BF85CFE23BCD315D7DC301773E9856A6854B95740B2E2 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:50:25.0859 0x0dd8 amdkmdap - ok
18:50:25.0874 0x0dd8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:50:25.0874 0x0dd8 AmdPPM - ok
18:50:25.0921 0x0dd8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:50:25.0921 0x0dd8 amdsata - ok
18:50:25.0952 0x0dd8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:50:25.0952 0x0dd8 amdsbs - ok
18:50:25.0968 0x0dd8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:50:25.0968 0x0dd8 amdxata - ok
18:50:25.0983 0x0dd8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
18:50:25.0983 0x0dd8 AppID - ok
18:50:25.0999 0x0dd8 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:50:25.0999 0x0dd8 AppIDSvc - ok
18:50:26.0030 0x0dd8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
18:50:26.0030 0x0dd8 Appinfo - ok
18:50:26.0061 0x0dd8 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
18:50:26.0077 0x0dd8 AppMgmt - ok
18:50:26.0093 0x0dd8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
18:50:26.0093 0x0dd8 arc - ok
18:50:26.0108 0x0dd8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:50:26.0108 0x0dd8 arcsas - ok
18:50:26.0186 0x0dd8 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:50:26.0186 0x0dd8 aspnet_state - ok
18:50:26.0202 0x0dd8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:50:26.0202 0x0dd8 AsyncMac - ok
18:50:26.0217 0x0dd8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
18:50:26.0217 0x0dd8 atapi - ok
18:50:26.0264 0x0dd8 [ B0790FF0E25B7A2674296052F2162C1A, 930D1A09E93117E081C532D6EDB1E870736AE3806D13AE7F0C7748FD4EAB3D89 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:50:26.0264 0x0dd8 AtiHDAudioService - ok
18:50:26.0654 0x0dd8 [ 5B871F3E4A4A6C4693A413E3138B51D0, 3A1C4595F72DA0A852043624E52B3BE87BBC4D1AFDD09624E3EAD328D0B78310 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:50:26.0888 0x0dd8 atikmdag - ok
18:50:26.0951 0x0dd8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:50:26.0966 0x0dd8 AudioEndpointBuilder - ok
18:50:26.0997 0x0dd8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:50:27.0013 0x0dd8 AudioSrv - ok
18:50:27.0044 0x0dd8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:50:27.0044 0x0dd8 AxInstSV - ok
18:50:27.0075 0x0dd8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:50:27.0091 0x0dd8 b06bdrv - ok
18:50:27.0122 0x0dd8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:50:27.0122 0x0dd8 b57nd60a - ok
18:50:27.0153 0x0dd8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
18:50:27.0153 0x0dd8 BDESVC - ok
18:50:27.0169 0x0dd8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
18:50:27.0169 0x0dd8 Beep - ok
18:50:27.0216 0x0dd8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
18:50:27.0231 0x0dd8 BFE - ok
18:50:27.0294 0x0dd8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
18:50:27.0325 0x0dd8 BITS - ok
18:50:27.0341 0x0dd8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:50:27.0341 0x0dd8 blbdrive - ok
18:50:27.0372 0x0dd8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:50:27.0372 0x0dd8 bowser - ok
18:50:27.0387 0x0dd8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:50:27.0387 0x0dd8 BrFiltLo - ok
18:50:27.0403 0x0dd8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:50:27.0403 0x0dd8 BrFiltUp - ok
18:50:27.0419 0x0dd8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
18:50:27.0434 0x0dd8 Browser - ok
18:50:27.0450 0x0dd8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:50:27.0465 0x0dd8 Brserid - ok
18:50:27.0481 0x0dd8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:50:27.0481 0x0dd8 BrSerWdm - ok
18:50:27.0497 0x0dd8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:50:27.0497 0x0dd8 BrUsbMdm - ok
18:50:27.0512 0x0dd8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:50:27.0512 0x0dd8 BrUsbSer - ok
18:50:27.0528 0x0dd8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:50:27.0528 0x0dd8 BTHMODEM - ok
18:50:27.0543 0x0dd8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
18:50:27.0543 0x0dd8 bthserv - ok
18:50:27.0575 0x0dd8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:50:27.0575 0x0dd8 cdfs - ok
18:50:27.0590 0x0dd8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:50:27.0590 0x0dd8 cdrom - ok
18:50:27.0606 0x0dd8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
18:50:27.0621 0x0dd8 CertPropSvc - ok
18:50:27.0637 0x0dd8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
18:50:27.0637 0x0dd8 circlass - ok
18:50:27.0668 0x0dd8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
18:50:27.0668 0x0dd8 CLFS - ok
18:50:27.0715 0x0dd8 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:50:27.0715 0x0dd8 clr_optimization_v2.0.50727_32 - ok
18:50:27.0762 0x0dd8 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:50:27.0777 0x0dd8 clr_optimization_v2.0.50727_64 - ok
18:50:27.0840 0x0dd8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:50:27.0855 0x0dd8 clr_optimization_v4.0.30319_32 - ok
18:50:27.0871 0x0dd8 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:50:27.0887 0x0dd8 clr_optimization_v4.0.30319_64 - ok
18:50:27.0918 0x0dd8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:50:27.0933 0x0dd8 CmBatt - ok
18:50:27.0949 0x0dd8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:50:27.0949 0x0dd8 cmdide - ok
18:50:27.0980 0x0dd8 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
18:50:27.0996 0x0dd8 CNG - ok
18:50:28.0011 0x0dd8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:50:28.0011 0x0dd8 Compbatt - ok
18:50:28.0027 0x0dd8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:50:28.0043 0x0dd8 CompositeBus - ok
18:50:28.0043 0x0dd8 COMSysApp - ok
18:50:28.0058 0x0dd8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:50:28.0058 0x0dd8 crcdisk - ok
18:50:28.0089 0x0dd8 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:50:28.0089 0x0dd8 CryptSvc - ok
18:50:28.0121 0x0dd8 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
18:50:28.0136 0x0dd8 CSC - ok
18:50:28.0183 0x0dd8 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
18:50:28.0199 0x0dd8 CscService - ok
18:50:28.0245 0x0dd8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:50:28.0261 0x0dd8 DcomLaunch - ok
18:50:28.0292 0x0dd8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
18:50:28.0292 0x0dd8 defragsvc - ok
18:50:28.0308 0x0dd8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:50:28.0323 0x0dd8 DfsC - ok
18:50:28.0355 0x0dd8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:50:28.0355 0x0dd8 Dhcp - ok
18:50:28.0370 0x0dd8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
18:50:28.0370 0x0dd8 discache - ok
18:50:28.0386 0x0dd8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
18:50:28.0386 0x0dd8 Disk - ok
18:50:28.0417 0x0dd8 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
18:50:28.0417 0x0dd8 dmvsc - ok
18:50:28.0448 0x0dd8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:50:28.0448 0x0dd8 Dnscache - ok
18:50:28.0479 0x0dd8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
18:50:28.0479 0x0dd8 dot3svc - ok
18:50:28.0511 0x0dd8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
18:50:28.0511 0x0dd8 DPS - ok
18:50:28.0542 0x0dd8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:50:28.0542 0x0dd8 drmkaud - ok
18:50:28.0604 0x0dd8 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:50:28.0620 0x0dd8 DXGKrnl - ok
18:50:28.0651 0x0dd8 [ 9F52D149EF61F90E0C901A86C2BCE447, 128A542DEA6D7D07B705E4E81CF401D2C359834E1940AA67197EC9AC7130EEB6 ] E100B C:\Windows\system32\DRIVERS\efe5b32e.sys
18:50:28.0651 0x0dd8 E100B - ok
18:50:28.0682 0x0dd8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
18:50:28.0682 0x0dd8 EapHost - ok
18:50:28.0807 0x0dd8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:50:28.0916 0x0dd8 ebdrv - ok
18:50:28.0947 0x0dd8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
18:50:28.0963 0x0dd8 EFS - ok
18:50:29.0010 0x0dd8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:50:29.0025 0x0dd8 ehRecvr - ok
18:50:29.0041 0x0dd8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
18:50:29.0057 0x0dd8 ehSched - ok
18:50:29.0088 0x0dd8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:50:29.0103 0x0dd8 elxstor - ok
18:50:29.0166 0x0dd8 EraserUtilRebootDrv - ok
18:50:29.0166 0x0dd8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:50:29.0181 0x0dd8 ErrDev - ok
18:50:29.0213 0x0dd8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
18:50:29.0228 0x0dd8 EventSystem - ok
18:50:29.0244 0x0dd8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
18:50:29.0259 0x0dd8 exfat - ok
18:50:29.0275 0x0dd8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:50:29.0275 0x0dd8 fastfat - ok
18:50:29.0322 0x0dd8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
18:50:29.0337 0x0dd8 Fax - ok
18:50:29.0353 0x0dd8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
18:50:29.0369 0x0dd8 fdc - ok
18:50:29.0369 0x0dd8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
18:50:29.0369 0x0dd8 fdPHost - ok
18:50:29.0384 0x0dd8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
18:50:29.0384 0x0dd8 FDResPub - ok
18:50:29.0400 0x0dd8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:50:29.0400 0x0dd8 FileInfo - ok
18:50:29.0415 0x0dd8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:50:29.0415 0x0dd8 Filetrace - ok
18:50:29.0431 0x0dd8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:50:29.0431 0x0dd8 flpydisk - ok
18:50:29.0478 0x0dd8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:50:29.0478 0x0dd8 FltMgr - ok
18:50:29.0540 0x0dd8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
18:50:29.0587 0x0dd8 FontCache - ok
18:50:29.0634 0x0dd8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:50:29.0634 0x0dd8 FontCache3.0.0.0 - ok
18:50:29.0649 0x0dd8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:50:29.0649 0x0dd8 FsDepends - ok
18:50:29.0665 0x0dd8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:50:29.0681 0x0dd8 Fs_Rec - ok
18:50:29.0712 0x0dd8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:50:29.0712 0x0dd8 fvevol - ok
18:50:29.0743 0x0dd8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:50:29.0743 0x0dd8 gagp30kx - ok
18:50:29.0774 0x0dd8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
18:50:29.0805 0x0dd8 gpsvc - ok
18:50:29.0837 0x0dd8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:50:29.0837 0x0dd8 gupdate - ok
18:50:29.0852 0x0dd8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:50:29.0852 0x0dd8 gupdatem - ok
18:50:29.0930 0x0dd8 [ 0A9D58AABD01DA97B1D101473EFA7659, C18EA4F5BF569C230AD682A418F69B6E4209AD467BCCBDABD0515DBB582BF04B ] gzflt C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys
18:50:29.0930 0x0dd8 gzflt - ok
18:50:29.0961 0x0dd8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:50:29.0961 0x0dd8 hcw85cir - ok
18:50:29.0993 0x0dd8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:50:30.0008 0x0dd8 HdAudAddService - ok
18:50:30.0024 0x0dd8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:50:30.0024 0x0dd8 HDAudBus - ok
18:50:30.0039 0x0dd8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:50:30.0039 0x0dd8 HidBatt - ok
18:50:30.0071 0x0dd8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:50:30.0071 0x0dd8 HidBth - ok
18:50:30.0086 0x0dd8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
18:50:30.0086 0x0dd8 HidIr - ok
18:50:30.0102 0x0dd8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
18:50:30.0102 0x0dd8 hidserv - ok
18:50:30.0133 0x0dd8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:50:30.0133 0x0dd8 HidUsb - ok
18:50:30.0164 0x0dd8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:50:30.0164 0x0dd8 hkmsvc - ok
18:50:30.0180 0x0dd8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:50:30.0195 0x0dd8 HomeGroupListener - ok
18:50:30.0211 0x0dd8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:50:30.0211 0x0dd8 HomeGroupProvider - ok
18:50:30.0242 0x0dd8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:50:30.0242 0x0dd8 HpSAMD - ok
18:50:30.0273 0x0dd8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:50:30.0289 0x0dd8 HTTP - ok
18:50:30.0320 0x0dd8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:50:30.0320 0x0dd8 hwpolicy - ok
18:50:30.0336 0x0dd8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:50:30.0336 0x0dd8 i8042prt - ok
18:50:30.0383 0x0dd8 [ 26CF4275034214ECEDD8EC17B0A18A99, 95A08C63971C28F1BC97040C0ADA247E3B43DE7D937B14E33A394B955D0AC8B7 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:50:30.0398 0x0dd8 iaStor - ok
18:50:30.0429 0x0dd8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:50:30.0429 0x0dd8 iaStorV - ok
18:50:30.0507 0x0dd8 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:50:30.0539 0x0dd8 idsvc - ok
18:50:30.0570 0x0dd8 IEEtwCollectorService - ok
18:50:30.0773 0x0dd8 [ 24CC43ECDEEFD4C19FBBEE4951B647F1, 416799965E6602F8F03E2A92E8BB42B1D5643C65EF09815FC5A56A2FA73E6773 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:50:30.0975 0x0dd8 igfx - ok
18:50:31.0007 0x0dd8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:50:31.0007 0x0dd8 iirsp - ok
18:50:31.0053 0x0dd8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
18:50:31.0085 0x0dd8 IKEEXT - ok
18:50:31.0116 0x0dd8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
18:50:31.0116 0x0dd8 intelide - ok
18:50:31.0131 0x0dd8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:50:31.0147 0x0dd8 intelppm - ok
18:50:31.0163 0x0dd8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:50:31.0163 0x0dd8 IPBusEnum - ok
18:50:31.0178 0x0dd8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:50:31.0178 0x0dd8 IpFilterDriver - ok
18:50:31.0209 0x0dd8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:50:31.0225 0x0dd8 iphlpsvc - ok
18:50:31.0256 0x0dd8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:50:31.0256 0x0dd8 IPMIDRV - ok
18:50:31.0272 0x0dd8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:50:31.0272 0x0dd8 IPNAT - ok
18:50:31.0287 0x0dd8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:50:31.0287 0x0dd8 IRENUM - ok
18:50:31.0319 0x0dd8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:50:31.0319 0x0dd8 isapnp - ok
18:50:31.0350 0x0dd8 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:50:31.0350 0x0dd8 iScsiPrt - ok
18:50:31.0381 0x0dd8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:50:31.0381 0x0dd8 kbdclass - ok
18:50:31.0397 0x0dd8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:50:31.0412 0x0dd8 kbdhid - ok
18:50:31.0412 0x0dd8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
18:50:31.0412 0x0dd8 KeyIso - ok
18:50:31.0443 0x0dd8 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:50:31.0443 0x0dd8 KSecDD - ok
18:50:31.0475 0x0dd8 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:50:31.0475 0x0dd8 KSecPkg - ok
18:50:31.0475 0x0dd8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:50:31.0475 0x0dd8 ksthunk - ok
18:50:31.0506 0x0dd8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
18:50:31.0521 0x0dd8 KtmRm - ok
18:50:31.0553 0x0dd8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:50:31.0568 0x0dd8 LanmanServer - ok
18:50:31.0599 0x0dd8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:50:31.0599 0x0dd8 LanmanWorkstation - ok
18:50:31.0693 0x0dd8 [ 4E99C77779FD7D844CF6DB2AD884C377, 1744C1A58EA49D6E11802CCC07908C017724ED6B0D71A53C773ABC8113368BC0 ] LavasoftAdAwareService11 C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
18:50:31.0724 0x0dd8 LavasoftAdAwareService11 - ok
18:50:31.0755 0x0dd8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:50:31.0755 0x0dd8 lltdio - ok
18:50:31.0787 0x0dd8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:50:31.0802 0x0dd8 lltdsvc - ok
18:50:31.0802 0x0dd8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:50:31.0818 0x0dd8 lmhosts - ok
18:50:31.0833 0x0dd8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:50:31.0849 0x0dd8 LSI_FC - ok
18:50:31.0865 0x0dd8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:50:31.0865 0x0dd8 LSI_SAS - ok
18:50:31.0880 0x0dd8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:50:31.0880 0x0dd8 LSI_SAS2 - ok
18:50:31.0896 0x0dd8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:50:31.0896 0x0dd8 LSI_SCSI - ok
18:50:31.0927 0x0dd8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
18:50:31.0927 0x0dd8 luafv - ok
18:50:31.0958 0x0dd8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:50:31.0958 0x0dd8 Mcx2Svc - ok
18:50:31.0974 0x0dd8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
18:50:31.0974 0x0dd8 megasas - ok
18:50:31.0989 0x0dd8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:50:32.0005 0x0dd8 MegaSR - ok
18:50:32.0036 0x0dd8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
18:50:32.0036 0x0dd8 MMCSS - ok
18:50:32.0052 0x0dd8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
18:50:32.0052 0x0dd8 Modem - ok
18:50:32.0067 0x0dd8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:50:32.0067 0x0dd8 monitor - ok
18:50:32.0083 0x0dd8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:50:32.0083 0x0dd8 mouclass - ok
18:50:32.0099 0x0dd8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:50:32.0099 0x0dd8 mouhid - ok
18:50:32.0130 0x0dd8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:50:32.0130 0x0dd8 mountmgr - ok
18:50:32.0145 0x0dd8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
18:50:32.0145 0x0dd8 mpio - ok
18:50:32.0177 0x0dd8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:50:32.0177 0x0dd8 mpsdrv - ok
18:50:32.0208 0x0dd8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:50:32.0239 0x0dd8 MpsSvc - ok
18:50:32.0286 0x0dd8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:50:32.0301 0x0dd8 MRxDAV - ok
18:50:32.0333 0x0dd8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:50:32.0333 0x0dd8 mrxsmb - ok
18:50:32.0348 0x0dd8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:50:32.0364 0x0dd8 mrxsmb10 - ok
18:50:32.0379 0x0dd8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:50:32.0379 0x0dd8 mrxsmb20 - ok
18:50:32.0395 0x0dd8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
18:50:32.0395 0x0dd8 msahci - ok
18:50:32.0411 0x0dd8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:50:32.0411 0x0dd8 msdsm - ok
18:50:32.0442 0x0dd8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
18:50:32.0442 0x0dd8 MSDTC - ok
18:50:32.0457 0x0dd8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:50:32.0457 0x0dd8 Msfs - ok
18:50:32.0489 0x0dd8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:50:32.0489 0x0dd8 mshidkmdf - ok
18:50:32.0489 0x0dd8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:50:32.0489 0x0dd8 msisadrv - ok
18:50:32.0520 0x0dd8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:50:32.0535 0x0dd8 MSiSCSI - ok
18:50:32.0535 0x0dd8 msiserver - ok
18:50:32.0551 0x0dd8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:50:32.0551 0x0dd8 MSKSSRV - ok
18:50:32.0582 0x0dd8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:50:32.0582 0x0dd8 MSPCLOCK - ok
18:50:32.0582 0x0dd8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:50:32.0598 0x0dd8 MSPQM - ok
18:50:32.0613 0x0dd8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:50:32.0629 0x0dd8 MsRPC - ok
18:50:32.0645 0x0dd8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:50:32.0645 0x0dd8 mssmbios - ok
18:50:32.0660 0x0dd8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:50:32.0660 0x0dd8 MSTEE - ok
18:50:32.0676 0x0dd8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:50:32.0676 0x0dd8 MTConfig - ok
18:50:32.0691 0x0dd8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
18:50:32.0691 0x0dd8 Mup - ok
18:50:32.0723 0x0dd8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
18:50:32.0738 0x0dd8 napagent - ok
18:50:32.0769 0x0dd8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:50:32.0785 0x0dd8 NativeWifiP - ok
18:50:32.0832 0x0dd8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
18:50:32.0863 0x0dd8 NDIS - ok
18:50:32.0894 0x0dd8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:50:32.0894 0x0dd8 NdisCap - ok
18:50:32.0910 0x0dd8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:50:32.0910 0x0dd8 NdisTapi - ok
18:50:32.0941 0x0dd8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:50:32.0941 0x0dd8 Ndisuio - ok
18:50:32.0957 0x0dd8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:50:32.0957 0x0dd8 NdisWan - ok
18:50:32.0972 0x0dd8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:50:32.0972 0x0dd8 NDProxy - ok
18:50:33.0003 0x0dd8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:50:33.0003 0x0dd8 NetBIOS - ok
18:50:33.0019 0x0dd8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:50:33.0035 0x0dd8 NetBT - ok
18:50:33.0050 0x0dd8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
18:50:33.0050 0x0dd8 Netlogon - ok
18:50:33.0081 0x0dd8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
18:50:33.0097 0x0dd8 Netman - ok
18:50:33.0144 0x0dd8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:50:33.0144 0x0dd8 NetMsmqActivator - ok
18:50:33.0159 0x0dd8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:50:33.0175 0x0dd8 NetPipeActivator - ok
18:50:33.0191 0x0dd8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
18:50:33.0206 0x0dd8 netprofm - ok
18:50:33.0206 0x0dd8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:50:33.0222 0x0dd8 NetTcpActivator - ok
18:50:33.0222 0x0dd8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:50:33.0222 0x0dd8 NetTcpPortSharing - ok
18:50:33.0253 0x0dd8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:50:33.0253 0x0dd8 nfrd960 - ok
18:50:33.0284 0x0dd8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:50:33.0284 0x0dd8 NlaSvc - ok
18:50:33.0300 0x0dd8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:50:33.0315 0x0dd8 Npfs - ok
18:50:33.0315 0x0dd8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
18:50:33.0315 0x0dd8 nsi - ok
18:50:33.0331 0x0dd8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:50:33.0331 0x0dd8 nsiproxy - ok
18:50:33.0409 0x0dd8 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:50:33.0456 0x0dd8 Ntfs - ok
18:50:33.0471 0x0dd8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
18:50:33.0487 0x0dd8 Null - ok
18:50:33.0518 0x0dd8 [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
18:50:33.0518 0x0dd8 nusb3hub - ok
18:50:33.0549 0x0dd8 [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
18:50:33.0549 0x0dd8 nusb3xhc - ok
18:50:33.0596 0x0dd8 [ 7FD5C060CB907489A5702F628226F54A, 56101B878DCBFDEF4D5C8BBC6BE0D7710108E651809812BAB876A2E1D4ACB256 ] nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys
18:50:33.0596 0x0dd8 nvamacpi - ok
18:50:33.0627 0x0dd8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:50:33.0627 0x0dd8 nvraid - ok
18:50:33.0643 0x0dd8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:50:33.0659 0x0dd8 nvstor - ok
18:50:33.0674 0x0dd8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:50:33.0674 0x0dd8 nv_agp - ok
18:50:33.0705 0x0dd8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:50:33.0705 0x0dd8 ohci1394 - ok
18:50:33.0737 0x0dd8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:50:33.0752 0x0dd8 p2pimsvc - ok
18:50:33.0783 0x0dd8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
18:50:33.0783 0x0dd8 p2psvc - ok
18:50:33.0815 0x0dd8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:50:33.0815 0x0dd8 Parport - ok
18:50:33.0830 0x0dd8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:50:33.0830 0x0dd8 partmgr - ok
18:50:33.0846 0x0dd8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
18:50:33.0846 0x0dd8 PcaSvc - ok
18:50:33.0877 0x0dd8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
18:50:33.0877 0x0dd8 pci - ok
18:50:33.0908 0x0dd8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
18:50:33.0908 0x0dd8 pciide - ok
18:50:33.0924 0x0dd8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:50:33.0924 0x0dd8 pcmcia - ok
18:50:33.0939 0x0dd8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
18:50:33.0939 0x0dd8 pcw - ok
18:50:33.0971 0x0dd8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:50:33.0986 0x0dd8 PEAUTH - ok
18:50:34.0049 0x0dd8 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:50:34.0095 0x0dd8 PeerDistSvc - ok
18:50:34.0158 0x0dd8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:50:34.0158 0x0dd8 PerfHost - ok
18:50:34.0236 0x0dd8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
18:50:34.0283 0x0dd8 pla - ok
18:50:34.0314 0x0dd8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:50:34.0329 0x0dd8 PlugPlay - ok
18:50:34.0345 0x0dd8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:50:34.0345 0x0dd8 PNRPAutoReg - ok
18:50:34.0361 0x0dd8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:50:34.0376 0x0dd8 PNRPsvc - ok
18:50:34.0407 0x0dd8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:50:34.0423 0x0dd8 PolicyAgent - ok
18:50:34.0439 0x0dd8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
18:50:34.0454 0x0dd8 Power - ok
18:50:34.0485 0x0dd8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:50:34.0485 0x0dd8 PptpMiniport - ok
18:50:34.0501 0x0dd8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
18:50:34.0517 0x0dd8 Processor - ok
18:50:34.0548 0x0dd8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
18:50:34.0563 0x0dd8 ProfSvc - ok
18:50:34.0563 0x0dd8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:50:34.0579 0x0dd8 ProtectedStorage - ok
18:50:34.0595 0x0dd8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:50:34.0595 0x0dd8 Psched - ok
18:50:34.0657 0x0dd8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:50:34.0719 0x0dd8 ql2300 - ok
18:50:34.0735 0x0dd8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:50:34.0735 0x0dd8 ql40xx - ok
18:50:34.0766 0x0dd8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
18:50:34.0766 0x0dd8 QWAVE - ok
18:50:34.0782 0x0dd8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:50:34.0782 0x0dd8 QWAVEdrv - ok
18:50:34.0797 0x0dd8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:50:34.0797 0x0dd8 RasAcd - ok
18:50:34.0829 0x0dd8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:50:34.0829 0x0dd8 RasAgileVpn - ok
18:50:34.0844 0x0dd8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
18:50:34.0860 0x0dd8 RasAuto - ok
18:50:34.0875 0x0dd8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:50:34.0875 0x0dd8 Rasl2tp - ok
18:50:34.0891 0x0dd8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
18:50:34.0891 0x0dd8 RasMan - ok
18:50:34.0907 0x0dd8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:50:34.0907 0x0dd8 RasPppoe - ok
18:50:34.0922 0x0dd8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:50:34.0938 0x0dd8 RasSstp - ok
18:50:34.0953 0x0dd8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:50:34.0969 0x0dd8 rdbss - ok
18:50:34.0985 0x0dd8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:50:34.0985 0x0dd8 rdpbus - ok
18:50:35.0000 0x0dd8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:50:35.0000 0x0dd8 RDPCDD - ok
18:50:35.0031 0x0dd8 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:50:35.0031 0x0dd8 RDPDR - ok
18:50:35.0047 0x0dd8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:50:35.0047 0x0dd8 RDPENCDD - ok
18:50:35.0063 0x0dd8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:50:35.0063 0x0dd8 RDPREFMP - ok
18:50:35.0109 0x0dd8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:50:35.0109 0x0dd8 RdpVideoMiniport - ok
18:50:35.0125 0x0dd8 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:50:35.0141 0x0dd8 RDPWD - ok
18:50:35.0156 0x0dd8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:50:35.0156 0x0dd8 rdyboost - ok
18:50:35.0187 0x0dd8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:50:35.0187 0x0dd8 RemoteAccess - ok
18:50:35.0234 0x0dd8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:50:35.0234 0x0dd8 RemoteRegistry - ok
18:50:35.0250 0x0dd8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:50:35.0265 0x0dd8 RpcEptMapper - ok
18:50:35.0281 0x0dd8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
18:50:35.0281 0x0dd8 RpcLocator - ok
18:50:35.0312 0x0dd8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
18:50:35.0328 0x0dd8 RpcSs - ok
18:50:35.0343 0x0dd8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:50:35.0343 0x0dd8 rspndr - ok
18:50:35.0359 0x0dd8 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:50:35.0359 0x0dd8 s3cap - ok
18:50:35.0375 0x0dd8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
18:50:35.0375 0x0dd8 SamSs - ok
18:50:35.0406 0x0dd8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:50:35.0406 0x0dd8 sbp2port - ok
18:50:35.0421 0x0dd8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:50:35.0421 0x0dd8 SCardSvr - ok
18:50:35.0437 0x0dd8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:50:35.0453 0x0dd8 scfilter - ok
18:50:35.0499 0x0dd8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
18:50:35.0531 0x0dd8 Schedule - ok
18:50:35.0609 0x0dd8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:50:35.0609 0x0dd8 SCPolicySvc - ok
18:50:35.0624 0x0dd8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:50:35.0624 0x0dd8 SDRSVC - ok
18:50:35.0655 0x0dd8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:50:35.0655 0x0dd8 secdrv - ok
18:50:35.0671 0x0dd8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
18:50:35.0671 0x0dd8 seclogon - ok
18:50:35.0687 0x0dd8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
18:50:35.0702 0x0dd8 SENS - ok
18:50:35.0718 0x0dd8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:50:35.0718 0x0dd8 SensrSvc - ok
18:50:35.0733 0x0dd8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:50:35.0733 0x0dd8 Serenum - ok
18:50:35.0749 0x0dd8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:50:35.0749 0x0dd8 Serial - ok
18:50:35.0765 0x0dd8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:50:35.0765 0x0dd8 sermouse - ok
18:50:35.0780 0x0dd8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
18:50:35.0796 0x0dd8 SessionEnv - ok
18:50:35.0811 0x0dd8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:50:35.0811 0x0dd8 sffdisk - ok
18:50:35.0827 0x0dd8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:50:35.0827 0x0dd8 sffp_mmc - ok
18:50:35.0843 0x0dd8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:50:35.0843 0x0dd8 sffp_sd - ok
18:50:35.0858 0x0dd8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:50:35.0858 0x0dd8 sfloppy - ok
18:50:35.0889 0x0dd8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:50:35.0905 0x0dd8 SharedAccess - ok
18:50:35.0921 0x0dd8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:50:35.0936 0x0dd8 ShellHWDetection - ok
18:50:35.0952 0x0dd8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:50:35.0952 0x0dd8 SiSRaid2 - ok
18:50:35.0967 0x0dd8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:50:35.0983 0x0dd8 SiSRaid4 - ok
18:50:35.0999 0x0dd8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:50:35.0999 0x0dd8 Smb - ok
18:50:36.0030 0x0dd8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:50:36.0030 0x0dd8 SNMPTRAP - ok
18:50:36.0045 0x0dd8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
18:50:36.0045 0x0dd8 spldr - ok
18:50:36.0077 0x0dd8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
18:50:36.0092 0x0dd8 Spooler - ok
18:50:36.0233 0x0dd8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
18:50:36.0357 0x0dd8 sppsvc - ok
18:50:36.0373 0x0dd8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:50:36.0373 0x0dd8 sppuinotify - ok
18:50:36.0420 0x0dd8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:50:36.0420 0x0dd8 srv - ok
18:50:36.0451 0x0dd8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:50:36.0451 0x0dd8 srv2 - ok
18:50:36.0467 0x0dd8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:50:36.0482 0x0dd8 srvnet - ok
18:50:36.0498 0x0dd8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:50:36.0513 0x0dd8 SSDPSRV - ok
18:50:36.0529 0x0dd8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:50:36.0529 0x0dd8 SstpSvc - ok
18:50:36.0545 0x0dd8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:50:36.0545 0x0dd8 stexstor - ok
18:50:36.0576 0x0dd8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
18:50:36.0591 0x0dd8 stisvc - ok
18:50:36.0623 0x0dd8 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:50:36.0623 0x0dd8 storflt - ok
18:50:36.0638 0x0dd8 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
18:50:36.0638 0x0dd8 StorSvc - ok
18:50:36.0669 0x0dd8 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:50:36.0669 0x0dd8 storvsc - ok
18:50:36.0685 0x0dd8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:50:36.0685 0x0dd8 swenum - ok
18:50:36.0701 0x0dd8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
18:50:36.0716 0x0dd8 swprv - ok
18:50:36.0794 0x0dd8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
18:50:36.0857 0x0dd8 SysMain - ok
18:50:36.0872 0x0dd8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:50:36.0872 0x0dd8 TabletInputService - ok
18:50:36.0888 0x0dd8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
18:50:36.0903 0x0dd8 TapiSrv - ok
18:50:36.0919 0x0dd8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
18:50:36.0919 0x0dd8 TBS - ok
18:50:36.0997 0x0dd8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:50:37.0059 0x0dd8 Tcpip - ok
18:50:37.0137 0x0dd8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:50:37.0169 0x0dd8 TCPIP6 - ok
18:50:37.0200 0x0dd8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:50:37.0200 0x0dd8 tcpipreg - ok
18:50:37.0215 0x0dd8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:50:37.0215 0x0dd8 TDPIPE - ok
18:50:37.0231 0x0dd8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:50:37.0231 0x0dd8 TDTCP - ok
18:50:37.0262 0x0dd8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:50:37.0262 0x0dd8 tdx - ok
18:50:37.0278 0x0dd8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:50:37.0278 0x0dd8 TermDD - ok
18:50:37.0325 0x0dd8 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
18:50:37.0340 0x0dd8 TermService - ok
18:50:37.0356 0x0dd8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
18:50:37.0356 0x0dd8 Themes - ok
18:50:37.0387 0x0dd8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
18:50:37.0387 0x0dd8 THREADORDER - ok
18:50:37.0403 0x0dd8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
18:50:37.0403 0x0dd8 TrkWks - ok
18:50:37.0465 0x0dd8 [ 325A512F98BEB97B1FFBE88927B8090D, 2A0C10516E3506D63290345DFAC98D5A623584767E034EBF652B9DBE6CF70547 ] Trufos C:\Windows\system32\DRIVERS\Trufos.sys
18:50:37.0481 0x0dd8 Trufos - ok
18:50:37.0512 0x0dd8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:50:37.0512 0x0dd8 TrustedInstaller - ok
18:50:37.0543 0x0dd8 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:50:37.0543 0x0dd8 tssecsrv - ok
18:50:37.0559 0x0dd8 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:50:37.0574 0x0dd8 TsUsbFlt - ok
18:50:37.0590 0x0dd8 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:50:37.0590 0x0dd8 TsUsbGD - ok
18:50:37.0637 0x0dd8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:50:37.0637 0x0dd8 tunnel - ok
18:50:37.0652 0x0dd8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:50:37.0652 0x0dd8 uagp35 - ok
18:50:37.0683 0x0dd8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:50:37.0683 0x0dd8 udfs - ok
18:50:37.0715 0x0dd8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:50:37.0715 0x0dd8 UI0Detect - ok
18:50:37.0730 0x0dd8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:50:37.0730 0x0dd8 uliagpkx - ok
18:50:37.0746 0x0dd8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:50:37.0746 0x0dd8 umbus - ok
18:50:37.0761 0x0dd8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
18:50:37.0777 0x0dd8 UmPass - ok
18:50:37.0808 0x0dd8 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
18:50:37.0808 0x0dd8 UmRdpService - ok
18:50:37.0839 0x0dd8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
18:50:37.0839 0x0dd8 upnphost - ok
18:50:37.0855 0x0dd8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:50:37.0871 0x0dd8 usbccgp - ok
18:50:37.0902 0x0dd8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:50:37.0902 0x0dd8 usbcir - ok
18:50:37.0917 0x0dd8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:50:37.0917 0x0dd8 usbehci - ok
18:50:37.0949 0x0dd8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:50:37.0964 0x0dd8 usbhub - ok
18:50:37.0980 0x0dd8 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:50:37.0980 0x0dd8 usbohci - ok
18:50:37.0995 0x0dd8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:50:37.0995 0x0dd8 usbprint - ok
18:50:38.0011 0x0dd8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:50:38.0027 0x0dd8 USBSTOR - ok
18:50:38.0042 0x0dd8 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:50:38.0042 0x0dd8 usbuhci - ok
18:50:38.0058 0x0dd8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
18:50:38.0058 0x0dd8 UxSms - ok
18:50:38.0058 0x0dd8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
18:50:38.0058 0x0dd8 VaultSvc - ok
18:50:38.0073 0x0dd8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:50:38.0073 0x0dd8 vdrvroot - ok
18:50:38.0120 0x0dd8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
18:50:38.0136 0x0dd8 vds - ok
18:50:38.0151 0x0dd8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:50:38.0151 0x0dd8 vga - ok
18:50:38.0167 0x0dd8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:50:38.0167 0x0dd8 VgaSave - ok
18:50:38.0198 0x0dd8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:50:38.0198 0x0dd8 vhdmp - ok
18:50:38.0229 0x0dd8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
18:50:38.0229 0x0dd8 viaide - ok
18:50:38.0261 0x0dd8 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:50:38.0261 0x0dd8 vmbus - ok
18:50:38.0276 0x0dd8 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:50:38.0276 0x0dd8 VMBusHID - ok
18:50:38.0292 0x0dd8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:50:38.0292 0x0dd8 volmgr - ok
18:50:38.0323 0x0dd8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:50:38.0339 0x0dd8 volmgrx - ok
18:50:38.0354 0x0dd8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:50:38.0370 0x0dd8 volsnap - ok
18:50:38.0401 0x0dd8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:50:38.0401 0x0dd8 vsmraid - ok
18:50:38.0463 0x0dd8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
18:50:38.0526 0x0dd8 VSS - ok
18:50:38.0588 0x0dd8 [ 93132C69394A99D992095D8CFE464801, A76C0371E9E18B038B0745C3F38AC4E958D43CB87EAB358EB88F431A33EE1F6E ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
18:50:38.0588 0x0dd8 VST64HWBS2 - ok
18:50:38.0682 0x0dd8 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:50:38.0729 0x0dd8 VST64_DPV - ok
18:50:38.0744 0x0dd8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:50:38.0744 0x0dd8 vwifibus - ok
18:50:38.0775 0x0dd8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
18:50:38.0775 0x0dd8 W32Time - ok
18:50:38.0791 0x0dd8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:50:38.0807 0x0dd8 WacomPen - ok
18:50:38.0822 0x0dd8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:50:38.0822 0x0dd8 WANARP - ok
18:50:38.0853 0x0dd8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:50:38.0853 0x0dd8 Wanarpv6 - ok
18:50:38.0916 0x0dd8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:50:38.0963 0x0dd8 WatAdminSvc - ok
18:50:39.0025 0x0dd8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
18:50:39.0072 0x0dd8 wbengine - ok
18:50:39.0103 0x0dd8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:50:39.0103 0x0dd8 WbioSrvc - ok
18:50:39.0119 0x0dd8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:50:39.0134 0x0dd8 wcncsvc - ok
18:50:39.0150 0x0dd8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:50:39.0150 0x0dd8 WcsPlugInService - ok
18:50:39.0165 0x0dd8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
18:50:39.0181 0x0dd8 Wd - ok
18:50:39.0212 0x0dd8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:50:39.0243 0x0dd8 Wdf01000 - ok
18:50:39.0259 0x0dd8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:50:39.0275 0x0dd8 WdiServiceHost - ok
18:50:39.0275 0x0dd8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:50:39.0275 0x0dd8 WdiSystemHost - ok
18:50:39.0321 0x0dd8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
18:50:39.0321 0x0dd8 WebClient - ok
18:50:39.0337 0x0dd8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:50:39.0353 0x0dd8 Wecsvc - ok
18:50:39.0368 0x0dd8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:50:39.0368 0x0dd8 wercplsupport - ok
18:50:39.0399 0x0dd8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
18:50:39.0399 0x0dd8 WerSvc - ok
18:50:39.0431 0x0dd8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:50:39.0431 0x0dd8 WfpLwf - ok
18:50:39.0446 0x0dd8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:50:39.0446 0x0dd8 WIMMount - ok
18:50:39.0493 0x0dd8 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:50:39.0509 0x0dd8 winachsf - ok
18:50:39.0524 0x0dd8 WinDefend - ok
18:50:39.0540 0x0dd8 WinHttpAutoProxySvc - ok
18:50:39.0587 0x0dd8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:50:39.0602 0x0dd8 Winmgmt - ok
18:50:39.0680 0x0dd8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
18:50:39.0758 0x0dd8 WinRM - ok
18:50:39.0805 0x0dd8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
18:50:39.0805 0x0dd8 WinUSB - ok
18:50:39.0867 0x0dd8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:50:39.0899 0x0dd8 Wlansvc - ok
18:50:39.0914 0x0dd8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:50:39.0914 0x0dd8 WmiAcpi - ok
18:50:39.0930 0x0dd8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:50:39.0945 0x0dd8 wmiApSrv - ok
18:50:39.0945 0x0dd8 WMPNetworkSvc - ok
18:50:39.0977 0x0dd8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:50:39.0977 0x0dd8 WPCSvc - ok
18:50:39.0992 0x0dd8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:50:39.0992 0x0dd8 WPDBusEnum - ok
18:50:40.0008 0x0dd8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:50:40.0023 0x0dd8 ws2ifsl - ok
18:50:40.0039 0x0dd8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
18:50:40.0039 0x0dd8 wscsvc - ok
18:50:40.0039 0x0dd8 WSearch - ok
18:50:40.0164 0x0dd8 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
18:50:40.0273 0x0dd8 wuauserv - ok
18:50:40.0320 0x0dd8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:50:40.0320 0x0dd8 WudfPf - ok
18:50:40.0335 0x0dd8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:50:40.0335 0x0dd8 WUDFRd - ok
18:50:40.0351 0x0dd8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:50:40.0351 0x0dd8 wudfsvc - ok
18:50:40.0382 0x0dd8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
18:50:40.0398 0x0dd8 WwanSvc - ok
18:50:40.0413 0x0dd8 ================ Scan global ===============================
18:50:40.0429 0x0dd8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:50:40.0460 0x0dd8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:50:40.0476 0x0dd8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:50:40.0507 0x0dd8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:50:40.0538 0x0dd8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:50:40.0538 0x0dd8 [ Global ] - ok
18:50:40.0538 0x0dd8 ================ Scan MBR ==================================
18:50:40.0554 0x0dd8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:50:41.0147 0x0dd8 \Device\Harddisk0\DR0 - ok
18:50:41.0162 0x0dd8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:50:41.0178 0x0dd8 \Device\Harddisk1\DR1 - ok
18:50:41.0178 0x0dd8 ================ Scan VBR ==================================
18:50:41.0178 0x0dd8 [ 10DA451CEEBD20EAEEE92013709FEE75 ] \Device\Harddisk0\DR0\Partition1
18:50:41.0178 0x0dd8 \Device\Harddisk0\DR0\Partition1 - ok
18:50:41.0178 0x0dd8 [ 7158EE920C37A50814364F7512134E4B ] \Device\Harddisk0\DR0\Partition2
18:50:41.0209 0x0dd8 \Device\Harddisk0\DR0\Partition2 - ok
18:50:41.0209 0x0dd8 [ 074B8C0E27F60C8666847DB7AF6F9A1D ] \Device\Harddisk1\DR1\Partition1
18:50:41.0240 0x0dd8 \Device\Harddisk1\DR1\Partition1 - ok
18:50:41.0240 0x0dd8 ================ Scan generic autorun ======================
18:50:41.0271 0x0dd8 [ 92FDB0658CA16974B4AE80E248A5B118, 9E0CF6A9C845C5F9E4B80B9105DBECE15ACC27984FCBFD8774C00EBE20DB652F ] C:\Windows\system32\igfxtray.exe
18:50:41.0271 0x0dd8 IgfxTray - ok
18:50:41.0303 0x0dd8 [ 23A6AE66AA4BEF792649736385BB51BA, FC85E38B2F5F52E970EAE5DAFC3B738BCC8BF596AF3766F0EDA03040664E1F08 ] C:\Windows\system32\hkcmd.exe
18:50:41.0318 0x0dd8 HotKeysCmds - ok
18:50:41.0334 0x0dd8 [ F6FA1865978214FB7FCD80149BBF1C13, 3CA24827982B521986DBE1E5600316155800C3777BAF415B978C7FE9F3AA3DD2 ] C:\Windows\system32\igfxpers.exe
18:50:41.0349 0x0dd8 Persistence - ok
18:50:41.0693 0x0dd8 [ BACC06B4510C27E826AB7759E82EDC54, 0118B885DB6A02B3ABF4E8E5DC8BAC057A83B89D082389F9B85EB967593D8EF4 ] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
18:50:41.0958 0x0dd8 AdAwareTray - ok
18:50:42.0067 0x0dd8 [ DA8B4836B97995D2445CF9E8ADD1E645, 022DC2CA9E70E2CB470995423BC712B4A3A94D9AE774BA458835E56237CCCC2B ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
18:50:42.0083 0x0dd8 StartCCC - ok
18:50:42.0176 0x0dd8 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:50:42.0207 0x0dd8 Adobe ARM - ok
18:50:42.0301 0x0dd8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:50:42.0363 0x0dd8 Sidebar - ok
18:50:42.0395 0x0dd8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:50:42.0395 0x0dd8 mctadmin - ok
18:50:42.0426 0x0dd8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:50:42.0441 0x0dd8 Sidebar - ok
18:50:42.0457 0x0dd8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:50:42.0457 0x0dd8 mctadmin - ok
18:50:42.0597 0x0dd8 [ 7A6A4EDC0CEF9DE9CAFFDFE36D991FD4, 29078B41C8E977E06D925936325B1BE41F478CE53B1F5D2408A7C414240DC0B2 ] C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
18:50:42.0644 0x0dd8 Spotify Web Helper - ok
18:50:42.0707 0x0dd8 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
18:50:42.0753 0x0dd8 Sidebar - ok
18:50:42.0753 0x0dd8 Waiting for KSN requests completion. In queue: 331
18:50:43.0767 0x0dd8 Waiting for KSN requests completion. In queue: 19
18:50:44.0781 0x0dd8 Waiting for KSN requests completion. In queue: 19
18:50:45.0795 0x0dd8 Waiting for KSN requests completion. In queue: 19
18:50:46.0841 0x0dd8 AV detected via SS2: Ad-Aware Antivirus, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareSecurityCenter.exe ( 11.3.6321.0 ), 0x40010 ( disabled : outofdate )
18:50:46.0841 0x0dd8 FW detected via SS2: Ad-Aware Firewall, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareSecurityCenter.exe ( 11.3.6321.0 ), 0x40010 ( disabled )
18:50:46.0872 0x0dd8 Win FW state via NFP2: enabled
18:50:50.0413 0x0dd8 ============================================================
18:50:50.0413 0x0dd8 Scan finished
18:50:50.0413 0x0dd8 ============================================================
18:50:50.0429 0x057c Detected object count: 0
18:50:50.0429 0x057c Actual detected object count: 0
20:59:37.0514 0x10fc ============================================================
20:59:37.0514 0x10fc Scan started
20:59:37.0514 0x10fc Mode: Manual; SigCheck;
20:59:37.0514 0x10fc ============================================================
20:59:37.0514 0x10fc KSN ping started
20:59:40.0772 0x10fc KSN ping finished: true
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 15th, 2014, 9:42 pm

20:59:47.0989 0x10fc ================ Scan system memory ========================
20:59:47.0989 0x10fc System memory - ok
20:59:47.0990 0x10fc ================ Scan services =============================
20:59:48.0117 0x10fc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:59:48.0339 0x10fc 1394ohci - ok
20:59:48.0367 0x10fc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:59:48.0392 0x10fc ACPI - ok
20:59:48.0403 0x10fc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:59:48.0436 0x10fc AcpiPmi - ok
20:59:48.0472 0x10fc AdobeARMservice - ok
20:59:48.0545 0x10fc [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:59:48.0565 0x10fc AdobeFlashPlayerUpdateSvc - ok
20:59:48.0597 0x10fc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:59:48.0625 0x10fc adp94xx - ok
20:59:48.0648 0x10fc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:59:48.0672 0x10fc adpahci - ok
20:59:48.0691 0x10fc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:59:48.0711 0x10fc adpu320 - ok
20:59:48.0735 0x10fc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:59:48.0780 0x10fc AeLookupSvc - ok
20:59:48.0798 0x10fc AFD - ok
20:59:48.0820 0x10fc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
20:59:48.0837 0x10fc agp440 - ok
20:59:48.0854 0x10fc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
20:59:48.0906 0x10fc ALG - ok
20:59:48.0926 0x10fc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
20:59:48.0942 0x10fc aliide - ok
20:59:48.0982 0x10fc [ D45D3540C5AE2A48C6112DF03F06F374, FEEA22BC629D2F25321293763BBB690959B7DFA2573B922C9D7F462DFEE52647 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:59:49.0069 0x10fc AMD External Events Utility - ok
20:59:49.0090 0x10fc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
20:59:49.0106 0x10fc amdide - ok
20:59:49.0120 0x10fc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:59:49.0146 0x10fc AmdK8 - ok
20:59:49.0604 0x10fc [ 5B871F3E4A4A6C4693A413E3138B51D0, 3A1C4595F72DA0A852043624E52B3BE87BBC4D1AFDD09624E3EAD328D0B78310 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:59:49.0960 0x10fc amdkmdag - ok
20:59:50.0036 0x10fc [ 9BE1140CE8D2C5E878F136A7B85D41B3, DF3CABB90CC36ADCB71BF85CFE23BCD315D7DC301773E9856A6854B95740B2E2 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:59:50.0083 0x10fc amdkmdap - ok
20:59:50.0104 0x10fc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:59:50.0132 0x10fc AmdPPM - ok
20:59:50.0162 0x10fc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:59:50.0182 0x10fc amdsata - ok
20:59:50.0201 0x10fc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:59:50.0221 0x10fc amdsbs - ok
20:59:50.0235 0x10fc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:59:50.0252 0x10fc amdxata - ok
20:59:50.0269 0x10fc [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
20:59:50.0315 0x10fc AppID - ok
20:59:50.0335 0x10fc [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:59:50.0385 0x10fc AppIDSvc - ok
20:59:50.0412 0x10fc [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
20:59:50.0444 0x10fc Appinfo - ok
20:59:50.0473 0x10fc [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
20:59:50.0513 0x10fc AppMgmt - ok
20:59:50.0540 0x10fc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
20:59:50.0558 0x10fc arc - ok
20:59:50.0574 0x10fc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:59:50.0592 0x10fc arcsas - ok
20:59:50.0664 0x10fc [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:59:50.0691 0x10fc aspnet_state - ok
20:59:50.0707 0x10fc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:59:50.0754 0x10fc AsyncMac - ok
20:59:50.0771 0x10fc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
20:59:50.0787 0x10fc atapi - ok
20:59:50.0816 0x10fc [ B0790FF0E25B7A2674296052F2162C1A, 930D1A09E93117E081C532D6EDB1E870736AE3806D13AE7F0C7748FD4EAB3D89 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:59:50.0831 0x10fc AtiHDAudioService - ok
20:59:51.0227 0x10fc [ 5B871F3E4A4A6C4693A413E3138B51D0, 3A1C4595F72DA0A852043624E52B3BE87BBC4D1AFDD09624E3EAD328D0B78310 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:59:51.0581 0x10fc atikmdag - ok
20:59:51.0676 0x10fc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:59:51.0738 0x10fc AudioEndpointBuilder - ok
20:59:51.0776 0x10fc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:59:51.0834 0x10fc AudioSrv - ok
20:59:51.0857 0x10fc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:59:51.0923 0x10fc AxInstSV - ok
20:59:51.0955 0x10fc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:59:51.0995 0x10fc b06bdrv - ok
20:59:52.0016 0x10fc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:59:52.0061 0x10fc b57nd60a - ok
20:59:52.0083 0x10fc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
20:59:52.0123 0x10fc BDESVC - ok
20:59:52.0138 0x10fc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
20:59:52.0200 0x10fc Beep - ok
20:59:52.0235 0x10fc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
20:59:52.0295 0x10fc BFE - ok
20:59:52.0343 0x10fc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
20:59:52.0417 0x10fc BITS - ok
20:59:52.0435 0x10fc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:59:52.0467 0x10fc blbdrive - ok
20:59:52.0488 0x10fc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:59:52.0521 0x10fc bowser - ok
20:59:52.0538 0x10fc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:59:52.0560 0x10fc BrFiltLo - ok
20:59:52.0572 0x10fc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:59:52.0593 0x10fc BrFiltUp - ok
20:59:52.0610 0x10fc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
20:59:52.0640 0x10fc Browser - ok
20:59:52.0662 0x10fc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:59:52.0701 0x10fc Brserid - ok
20:59:52.0718 0x10fc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:59:52.0753 0x10fc BrSerWdm - ok
20:59:52.0768 0x10fc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:59:52.0790 0x10fc BrUsbMdm - ok
20:59:52.0805 0x10fc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:59:52.0826 0x10fc BrUsbSer - ok
20:59:52.0838 0x10fc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:59:52.0861 0x10fc BTHMODEM - ok
20:59:52.0884 0x10fc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
20:59:52.0936 0x10fc bthserv - ok
20:59:52.0956 0x10fc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:59:52.0999 0x10fc cdfs - ok
20:59:53.0017 0x10fc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:59:53.0057 0x10fc cdrom - ok
20:59:53.0069 0x10fc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
20:59:53.0111 0x10fc CertPropSvc - ok
20:59:53.0130 0x10fc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
20:59:53.0153 0x10fc circlass - ok
20:59:53.0176 0x10fc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
20:59:53.0201 0x10fc CLFS - ok
20:59:53.0237 0x10fc clr_optimization_v2.0.50727_32 - ok
20:59:53.0252 0x10fc clr_optimization_v2.0.50727_64 - ok
20:59:53.0302 0x10fc [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:59:53.0322 0x10fc clr_optimization_v4.0.30319_32 - ok
20:59:53.0334 0x10fc [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:59:53.0355 0x10fc clr_optimization_v4.0.30319_64 - ok
20:59:53.0373 0x10fc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
20:59:53.0404 0x10fc CmBatt - ok
20:59:53.0420 0x10fc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:59:53.0437 0x10fc cmdide - ok
20:59:53.0478 0x10fc [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
20:59:53.0519 0x10fc CNG - ok
20:59:53.0535 0x10fc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:59:53.0552 0x10fc Compbatt - ok
20:59:53.0564 0x10fc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:59:53.0615 0x10fc CompositeBus - ok
20:59:53.0629 0x10fc COMSysApp - ok
20:59:53.0661 0x10fc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:59:53.0677 0x10fc crcdisk - ok
20:59:53.0699 0x10fc [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:59:53.0744 0x10fc CryptSvc - ok
20:59:53.0783 0x10fc [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
20:59:53.0828 0x10fc CSC - ok
20:59:53.0870 0x10fc [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
20:59:53.0911 0x10fc CscService - ok
20:59:53.0949 0x10fc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:59:54.0016 0x10fc DcomLaunch - ok
20:59:54.0040 0x10fc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
20:59:54.0090 0x10fc defragsvc - ok
20:59:54.0104 0x10fc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:59:54.0156 0x10fc DfsC - ok
20:59:54.0180 0x10fc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:59:54.0222 0x10fc Dhcp - ok
20:59:54.0236 0x10fc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
20:59:54.0278 0x10fc discache - ok
20:59:54.0305 0x10fc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
20:59:54.0323 0x10fc Disk - ok
20:59:54.0346 0x10fc [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
20:59:54.0383 0x10fc dmvsc - ok
20:59:54.0413 0x10fc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:59:54.0451 0x10fc Dnscache - ok
20:59:54.0469 0x10fc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
20:59:54.0527 0x10fc dot3svc - ok
20:59:54.0549 0x10fc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
20:59:54.0602 0x10fc DPS - ok
20:59:54.0624 0x10fc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:59:54.0654 0x10fc drmkaud - ok
20:59:54.0671 0x10fc DXGKrnl - ok
20:59:54.0707 0x10fc [ 9F52D149EF61F90E0C901A86C2BCE447, 128A542DEA6D7D07B705E4E81CF401D2C359834E1940AA67197EC9AC7130EEB6 ] E100B C:\Windows\system32\DRIVERS\efe5b32e.sys
20:59:54.0724 0x10fc E100B - ok
20:59:54.0747 0x10fc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
20:59:54.0801 0x10fc EapHost - ok
20:59:54.0946 0x10fc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:59:55.0057 0x10fc ebdrv - ok
20:59:55.0087 0x10fc EFS - ok
20:59:55.0145 0x10fc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:59:55.0209 0x10fc ehRecvr - ok
20:59:55.0228 0x10fc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
20:59:55.0250 0x10fc ehSched - ok
20:59:55.0284 0x10fc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:59:55.0315 0x10fc elxstor - ok
20:59:55.0357 0x10fc EraserUtilRebootDrv - ok
20:59:55.0371 0x10fc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:59:55.0398 0x10fc ErrDev - ok
20:59:55.0427 0x10fc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
20:59:55.0545 0x10fc EventSystem - ok
20:59:55.0606 0x10fc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
20:59:55.0675 0x10fc exfat - ok
20:59:55.0692 0x10fc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:59:55.0743 0x10fc fastfat - ok
20:59:55.0777 0x10fc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
20:59:55.0840 0x10fc Fax - ok
20:59:55.0857 0x10fc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
20:59:55.0891 0x10fc fdc - ok
20:59:55.0903 0x10fc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
20:59:55.0950 0x10fc fdPHost - ok
20:59:55.0961 0x10fc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
20:59:56.0003 0x10fc FDResPub - ok
20:59:56.0020 0x10fc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:59:56.0037 0x10fc FileInfo - ok
20:59:56.0061 0x10fc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:59:56.0103 0x10fc Filetrace - ok
20:59:56.0115 0x10fc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:59:56.0136 0x10fc flpydisk - ok
20:59:56.0161 0x10fc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:59:56.0186 0x10fc FltMgr - ok
20:59:56.0244 0x10fc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
20:59:56.0310 0x10fc FontCache - ok
20:59:56.0358 0x10fc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:59:56.0373 0x10fc FontCache3.0.0.0 - ok
20:59:56.0388 0x10fc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:59:56.0406 0x10fc FsDepends - ok
20:59:56.0428 0x10fc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:59:56.0445 0x10fc Fs_Rec - ok
20:59:56.0474 0x10fc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:59:56.0500 0x10fc fvevol - ok
20:59:56.0515 0x10fc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:59:56.0532 0x10fc gagp30kx - ok
20:59:56.0578 0x10fc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
20:59:56.0642 0x10fc gpsvc - ok
20:59:56.0679 0x10fc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:59:56.0694 0x10fc gupdate - ok
20:59:56.0701 0x10fc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:59:56.0715 0x10fc gupdatem - ok
20:59:56.0747 0x10fc gzflt - ok
20:59:56.0770 0x10fc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:59:56.0812 0x10fc hcw85cir - ok
20:59:56.0849 0x10fc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:59:56.0889 0x10fc HdAudAddService - ok
20:59:56.0907 0x10fc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:59:56.0938 0x10fc HDAudBus - ok
20:59:56.0949 0x10fc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:59:56.0976 0x10fc HidBatt - ok
20:59:56.0985 0x10fc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:59:57.0019 0x10fc HidBth - ok
20:59:57.0038 0x10fc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
20:59:57.0063 0x10fc HidIr - ok
20:59:57.0082 0x10fc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
20:59:57.0169 0x10fc hidserv - ok
20:59:57.0206 0x10fc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:59:57.0225 0x10fc HidUsb - ok
20:59:57.0248 0x10fc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:59:57.0300 0x10fc hkmsvc - ok
20:59:57.0323 0x10fc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:59:57.0365 0x10fc HomeGroupListener - ok
20:59:57.0384 0x10fc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:59:57.0411 0x10fc HomeGroupProvider - ok
20:59:57.0426 0x10fc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:59:57.0446 0x10fc HpSAMD - ok
20:59:57.0483 0x10fc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:59:57.0557 0x10fc HTTP - ok
20:59:57.0573 0x10fc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:59:57.0589 0x10fc hwpolicy - ok
20:59:57.0604 0x10fc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:59:57.0627 0x10fc i8042prt - ok
20:59:57.0680 0x10fc [ 26CF4275034214ECEDD8EC17B0A18A99, 95A08C63971C28F1BC97040C0ADA247E3B43DE7D937B14E33A394B955D0AC8B7 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:59:57.0708 0x10fc iaStor - ok
20:59:57.0733 0x10fc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:59:57.0760 0x10fc iaStorV - ok
20:59:57.0787 0x10fc idsvc - ok
20:59:57.0792 0x10fc IEEtwCollectorService - ok
20:59:58.0014 0x10fc [ 24CC43ECDEEFD4C19FBBEE4951B647F1, 416799965E6602F8F03E2A92E8BB42B1D5643C65EF09815FC5A56A2FA73E6773 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:59:58.0289 0x10fc igfx - ok
20:59:58.0328 0x10fc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:59:58.0346 0x10fc iirsp - ok
20:59:58.0393 0x10fc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
20:59:58.0457 0x10fc IKEEXT - ok
20:59:58.0480 0x10fc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
20:59:58.0497 0x10fc intelide - ok
20:59:58.0512 0x10fc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:59:58.0533 0x10fc intelppm - ok
20:59:58.0563 0x10fc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:59:58.0616 0x10fc IPBusEnum - ok
20:59:58.0634 0x10fc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:59:58.0675 0x10fc IpFilterDriver - ok
20:59:58.0714 0x10fc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:59:58.0760 0x10fc iphlpsvc - ok
20:59:58.0781 0x10fc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:59:58.0815 0x10fc IPMIDRV - ok
20:59:58.0838 0x10fc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:59:58.0888 0x10fc IPNAT - ok
20:59:58.0899 0x10fc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:59:58.0923 0x10fc IRENUM - ok
20:59:58.0934 0x10fc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:59:58.0951 0x10fc isapnp - ok
20:59:58.0980 0x10fc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:59:59.0004 0x10fc iScsiPrt - ok
20:59:59.0022 0x10fc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:59:59.0039 0x10fc kbdclass - ok
20:59:59.0051 0x10fc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:59:59.0081 0x10fc kbdhid - ok
20:59:59.0090 0x10fc KeyIso - ok
20:59:59.0112 0x10fc KSecDD - ok
20:59:59.0119 0x10fc KSecPkg - ok
20:59:59.0126 0x10fc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:59:59.0182 0x10fc ksthunk - ok
20:59:59.0212 0x10fc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
20:59:59.0269 0x10fc KtmRm - ok
20:59:59.0292 0x10fc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:59:59.0343 0x10fc LanmanServer - ok
20:59:59.0366 0x10fc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:59:59.0412 0x10fc LanmanWorkstation - ok
20:59:59.0423 0x10fc LavasoftAdAwareService11 - ok
20:59:59.0442 0x10fc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:59:59.0493 0x10fc lltdio - ok
20:59:59.0517 0x10fc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:59:59.0568 0x10fc lltdsvc - ok
20:59:59.0575 0x10fc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:59:59.0623 0x10fc lmhosts - ok
20:59:59.0644 0x10fc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:59:59.0663 0x10fc LSI_FC - ok
20:59:59.0681 0x10fc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:59:59.0700 0x10fc LSI_SAS - ok
20:59:59.0714 0x10fc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:59:59.0732 0x10fc LSI_SAS2 - ok
20:59:59.0748 0x10fc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:59:59.0768 0x10fc LSI_SCSI - ok
20:59:59.0788 0x10fc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
20:59:59.0832 0x10fc luafv - ok
20:59:59.0859 0x10fc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:59:59.0882 0x10fc Mcx2Svc - ok
20:59:59.0889 0x10fc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
20:59:59.0907 0x10fc megasas - ok
20:59:59.0928 0x10fc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:59:59.0952 0x10fc MegaSR - ok
20:59:59.0978 0x10fc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
21:00:00.0027 0x10fc MMCSS - ok
21:00:00.0043 0x10fc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
21:00:00.0090 0x10fc Modem - ok
21:00:00.0097 0x10fc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:00:00.0126 0x10fc monitor - ok
21:00:00.0137 0x10fc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:00:00.0155 0x10fc mouclass - ok
21:00:00.0168 0x10fc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:00:00.0210 0x10fc mouhid - ok
21:00:00.0224 0x10fc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:00:00.0242 0x10fc mountmgr - ok
21:00:00.0262 0x10fc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
21:00:00.0283 0x10fc mpio - ok
21:00:00.0302 0x10fc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:00:00.0354 0x10fc mpsdrv - ok
21:00:00.0399 0x10fc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:00:00.0478 0x10fc MpsSvc - ok
21:00:00.0503 0x10fc [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:00:00.0529 0x10fc MRxDAV - ok
21:00:00.0547 0x10fc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:00:00.0581 0x10fc mrxsmb - ok
21:00:00.0614 0x10fc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:00:00.0643 0x10fc mrxsmb10 - ok
21:00:00.0659 0x10fc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:00:00.0709 0x10fc mrxsmb20 - ok
21:00:00.0725 0x10fc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
21:00:00.0742 0x10fc msahci - ok
21:00:00.0768 0x10fc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:00:00.0789 0x10fc msdsm - ok
21:00:00.0804 0x10fc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
21:00:00.0840 0x10fc MSDTC - ok
21:00:00.0867 0x10fc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:00:00.0910 0x10fc Msfs - ok
21:00:00.0922 0x10fc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:00:00.0968 0x10fc mshidkmdf - ok
21:00:00.0987 0x10fc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:00:01.0004 0x10fc msisadrv - ok
21:00:01.0028 0x10fc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:00:01.0077 0x10fc MSiSCSI - ok
21:00:01.0082 0x10fc msiserver - ok
21:00:01.0094 0x10fc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:00:01.0152 0x10fc MSKSSRV - ok
21:00:01.0166 0x10fc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:00:01.0209 0x10fc MSPCLOCK - ok
21:00:01.0221 0x10fc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:00:01.0267 0x10fc MSPQM - ok
21:00:01.0297 0x10fc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:00:01.0325 0x10fc MsRPC - ok
21:00:01.0340 0x10fc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:00:01.0357 0x10fc mssmbios - ok
21:00:01.0374 0x10fc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:00:01.0423 0x10fc MSTEE - ok
21:00:01.0440 0x10fc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:00:01.0460 0x10fc MTConfig - ok
21:00:01.0476 0x10fc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
21:00:01.0494 0x10fc Mup - ok
21:00:01.0537 0x10fc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
21:00:01.0621 0x10fc napagent - ok
21:00:01.0648 0x10fc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:00:01.0695 0x10fc NativeWifiP - ok
21:00:01.0746 0x10fc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
21:00:01.0796 0x10fc NDIS - ok
21:00:01.0818 0x10fc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:00:01.0865 0x10fc NdisCap - ok
21:00:01.0873 0x10fc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:00:01.0921 0x10fc NdisTapi - ok
21:00:01.0937 0x10fc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:00:01.0979 0x10fc Ndisuio - ok
21:00:01.0997 0x10fc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:00:02.0066 0x10fc NdisWan - ok
21:00:02.0083 0x10fc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:00:02.0127 0x10fc NDProxy - ok
21:00:02.0140 0x10fc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:00:02.0227 0x10fc NetBIOS - ok
21:00:02.0257 0x10fc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:00:02.0311 0x10fc NetBT - ok
21:00:02.0321 0x10fc Netlogon - ok
21:00:02.0358 0x10fc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
21:00:02.0445 0x10fc Netman - ok
21:00:02.0478 0x10fc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:00:02.0500 0x10fc NetMsmqActivator - ok
21:00:02.0520 0x10fc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:00:02.0541 0x10fc NetPipeActivator - ok
21:00:02.0563 0x10fc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
21:00:02.0726 0x10fc netprofm - ok
21:00:02.0739 0x10fc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:00:02.0763 0x10fc NetTcpActivator - ok
21:00:02.0774 0x10fc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:00:02.0800 0x10fc NetTcpPortSharing - ok
21:00:02.0820 0x10fc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:00:02.0838 0x10fc nfrd960 - ok
21:00:02.0896 0x10fc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:00:02.0954 0x10fc NlaSvc - ok
21:00:02.0979 0x10fc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:00:03.0048 0x10fc Npfs - ok
21:00:03.0064 0x10fc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
21:00:03.0121 0x10fc nsi - ok
21:00:03.0165 0x10fc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:00:03.0225 0x10fc nsiproxy - ok
21:00:03.0311 0x10fc [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:00:03.0399 0x10fc Ntfs - ok
21:00:03.0426 0x10fc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
21:00:03.0479 0x10fc Null - ok
21:00:03.0510 0x10fc [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
21:00:03.0551 0x10fc nusb3hub - ok
21:00:03.0589 0x10fc [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
21:00:03.0630 0x10fc nusb3xhc - ok
21:00:03.0655 0x10fc [ 7FD5C060CB907489A5702F628226F54A, 56101B878DCBFDEF4D5C8BBC6BE0D7710108E651809812BAB876A2E1D4ACB256 ] nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys
21:00:03.0673 0x10fc nvamacpi - ok
21:00:03.0701 0x10fc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:00:03.0722 0x10fc nvraid - ok
21:00:03.0764 0x10fc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:00:03.0786 0x10fc nvstor - ok
21:00:03.0815 0x10fc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:00:03.0837 0x10fc nv_agp - ok
21:00:03.0889 0x10fc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:00:03.0913 0x10fc ohci1394 - ok
21:00:03.0969 0x10fc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:00:04.0012 0x10fc p2pimsvc - ok
21:00:04.0042 0x10fc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
21:00:04.0077 0x10fc p2psvc - ok
21:00:04.0106 0x10fc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:00:04.0135 0x10fc Parport - ok
21:00:04.0181 0x10fc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:00:04.0200 0x10fc partmgr - ok
21:00:04.0215 0x10fc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
21:00:04.0272 0x10fc PcaSvc - ok
21:00:04.0294 0x10fc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
21:00:04.0315 0x10fc pci - ok
21:00:04.0351 0x10fc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
21:00:04.0368 0x10fc pciide - ok
21:00:04.0387 0x10fc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:00:04.0410 0x10fc pcmcia - ok
21:00:04.0426 0x10fc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
21:00:04.0443 0x10fc pcw - ok
21:00:04.0475 0x10fc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:00:04.0565 0x10fc PEAUTH - ok
21:00:04.0642 0x10fc [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:00:04.0744 0x10fc PeerDistSvc - ok
21:00:04.0811 0x10fc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:00:04.0867 0x10fc PerfHost - ok
21:00:04.0953 0x10fc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
21:00:05.0054 0x10fc pla - ok
21:00:05.0091 0x10fc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:00:05.0149 0x10fc PlugPlay - ok
21:00:05.0170 0x10fc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:00:05.0197 0x10fc PNRPAutoReg - ok
21:00:05.0219 0x10fc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:00:05.0247 0x10fc PNRPsvc - ok
21:00:05.0286 0x10fc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:00:05.0344 0x10fc PolicyAgent - ok
21:00:05.0372 0x10fc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
21:00:05.0426 0x10fc Power - ok
21:00:05.0449 0x10fc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:00:05.0497 0x10fc PptpMiniport - ok
21:00:05.0513 0x10fc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
21:00:05.0540 0x10fc Processor - ok
21:00:05.0570 0x10fc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
21:00:05.0613 0x10fc ProfSvc - ok
21:00:05.0619 0x10fc ProtectedStorage - ok
21:00:05.0641 0x10fc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:00:05.0684 0x10fc Psched - ok
21:00:05.0812 0x10fc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:00:05.0891 0x10fc ql2300 - ok
21:00:05.0913 0x10fc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:00:05.0933 0x10fc ql40xx - ok
21:00:05.0966 0x10fc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
21:00:05.0999 0x10fc QWAVE - ok
21:00:06.0015 0x10fc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:00:06.0040 0x10fc QWAVEdrv - ok
21:00:06.0058 0x10fc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:00:06.0109 0x10fc RasAcd - ok
21:00:06.0139 0x10fc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:00:06.0195 0x10fc RasAgileVpn - ok
21:00:06.0262 0x10fc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
21:00:06.0458 0x10fc RasAuto - ok
21:00:06.0508 0x10fc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:00:06.0592 0x10fc Rasl2tp - ok
21:00:06.0606 0x10fc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
21:00:06.0658 0x10fc RasMan - ok
21:00:06.0674 0x10fc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:00:06.0726 0x10fc RasPppoe - ok
21:00:06.0744 0x10fc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:00:06.0799 0x10fc RasSstp - ok
21:00:06.0817 0x10fc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:00:06.0866 0x10fc rdbss - ok
21:00:06.0884 0x10fc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:00:06.0906 0x10fc rdpbus - ok
21:00:06.0916 0x10fc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:00:06.0957 0x10fc RDPCDD - ok
21:00:07.0001 0x10fc [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:00:07.0036 0x10fc RDPDR - ok
21:00:07.0050 0x10fc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:00:07.0100 0x10fc RDPENCDD - ok
21:00:07.0114 0x10fc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:00:07.0155 0x10fc RDPREFMP - ok
21:00:07.0180 0x10fc [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:00:07.0211 0x10fc RdpVideoMiniport - ok
21:00:07.0236 0x10fc [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:00:07.0270 0x10fc RDPWD - ok
21:00:07.0294 0x10fc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:00:07.0316 0x10fc rdyboost - ok
21:00:07.0337 0x10fc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:00:07.0382 0x10fc RemoteAccess - ok
21:00:07.0409 0x10fc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:00:07.0456 0x10fc RemoteRegistry - ok
21:00:07.0477 0x10fc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:00:07.0522 0x10fc RpcEptMapper - ok
21:00:07.0543 0x10fc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
21:00:07.0572 0x10fc RpcLocator - ok
21:00:07.0607 0x10fc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
21:00:07.0662 0x10fc RpcSs - ok
21:00:07.0681 0x10fc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:00:07.0724 0x10fc rspndr - ok
21:00:07.0741 0x10fc [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:00:07.0768 0x10fc s3cap - ok
21:00:07.0773 0x10fc SamSs - ok
21:00:07.0797 0x10fc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:00:07.0816 0x10fc sbp2port - ok
21:00:07.0835 0x10fc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:00:07.0883 0x10fc SCardSvr - ok
21:00:07.0892 0x10fc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:00:07.0941 0x10fc scfilter - ok
21:00:07.0993 0x10fc [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
21:00:08.0093 0x10fc Schedule - ok
21:00:08.0111 0x10fc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:00:08.0153 0x10fc SCPolicySvc - ok
21:00:08.0170 0x10fc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:00:08.0205 0x10fc SDRSVC - ok
21:00:08.0223 0x10fc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:00:08.0268 0x10fc secdrv - ok
21:00:08.0278 0x10fc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
21:00:08.0320 0x10fc seclogon - ok
21:00:08.0333 0x10fc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
21:00:08.0386 0x10fc SENS - ok
21:00:08.0396 0x10fc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:00:08.0428 0x10fc SensrSvc - ok
21:00:08.0435 0x10fc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:00:08.0465 0x10fc Serenum - ok
21:00:08.0483 0x10fc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:00:08.0505 0x10fc Serial - ok
21:00:08.0525 0x10fc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:00:08.0556 0x10fc sermouse - ok
21:00:08.0586 0x10fc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
21:00:08.0641 0x10fc SessionEnv - ok
21:00:08.0659 0x10fc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:00:08.0686 0x10fc sffdisk - ok
21:00:08.0699 0x10fc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:00:08.0721 0x10fc sffp_mmc - ok
21:00:08.0731 0x10fc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:00:08.0753 0x10fc sffp_sd - ok
21:00:08.0768 0x10fc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:00:08.0792 0x10fc sfloppy - ok
21:00:08.0836 0x10fc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:00:08.0893 0x10fc SharedAccess - ok
21:00:08.0931 0x10fc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:00:08.0985 0x10fc ShellHWDetection - ok
21:00:09.0008 0x10fc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:00:09.0025 0x10fc SiSRaid2 - ok
21:00:09.0048 0x10fc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:00:09.0066 0x10fc SiSRaid4 - ok
21:00:09.0086 0x10fc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:00:09.0130 0x10fc Smb - ok
21:00:09.0155 0x10fc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:00:09.0182 0x10fc SNMPTRAP - ok
21:00:09.0193 0x10fc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
21:00:09.0211 0x10fc spldr - ok
21:00:09.0248 0x10fc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
21:00:09.0318 0x10fc Spooler - ok
21:00:09.0528 0x10fc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
21:00:09.0723 0x10fc sppsvc - ok
21:00:09.0757 0x10fc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:00:09.0801 0x10fc sppuinotify - ok
21:00:09.0837 0x10fc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:00:09.0879 0x10fc srv - ok
21:00:09.0911 0x10fc [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:00:09.0952 0x10fc srv2 - ok
21:00:09.0972 0x10fc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:00:09.0995 0x10fc srvnet - ok
21:00:10.0014 0x10fc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:00:10.0071 0x10fc SSDPSRV - ok
21:00:10.0087 0x10fc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:00:10.0134 0x10fc SstpSvc - ok
21:00:10.0156 0x10fc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:00:10.0174 0x10fc stexstor - ok
21:00:10.0212 0x10fc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
21:00:10.0264 0x10fc stisvc - ok
21:00:10.0295 0x10fc [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:00:10.0313 0x10fc storflt - ok
21:00:10.0337 0x10fc [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
21:00:10.0365 0x10fc StorSvc - ok
21:00:10.0386 0x10fc [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:00:10.0403 0x10fc storvsc - ok
21:00:10.0421 0x10fc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:00:10.0442 0x10fc swenum - ok
21:00:10.0469 0x10fc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
21:00:10.0539 0x10fc swprv - ok
21:00:10.0643 0x10fc [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
21:00:10.0755 0x10fc SysMain - ok
21:00:10.0773 0x10fc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:00:10.0803 0x10fc TabletInputService - ok
21:00:10.0827 0x10fc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
21:00:10.0886 0x10fc TapiSrv - ok
21:00:10.0900 0x10fc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
21:00:10.0944 0x10fc TBS - ok
21:00:10.0960 0x10fc Tcpip - ok
21:00:10.0966 0x10fc TCPIP6 - ok
21:00:10.0992 0x10fc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:00:11.0012 0x10fc tcpipreg - ok
21:00:11.0028 0x10fc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:00:11.0062 0x10fc TDPIPE - ok
21:00:11.0081 0x10fc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:00:11.0101 0x10fc TDTCP - ok
21:00:11.0120 0x10fc [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:00:11.0163 0x10fc tdx - ok
21:00:11.0173 0x10fc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:00:11.0192 0x10fc TermDD - ok
21:00:11.0220 0x10fc [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
21:00:11.0284 0x10fc TermService - ok
21:00:11.0299 0x10fc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
21:00:11.0326 0x10fc Themes - ok
21:00:11.0337 0x10fc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
21:00:11.0379 0x10fc THREADORDER - ok
21:00:11.0392 0x10fc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
21:00:11.0452 0x10fc TrkWks - ok
21:00:11.0473 0x10fc Trufos - ok
21:00:11.0510 0x10fc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:00:11.0554 0x10fc TrustedInstaller - ok
21:00:11.0592 0x10fc [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:00:11.0621 0x10fc tssecsrv - ok
21:00:11.0646 0x10fc [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:00:11.0681 0x10fc TsUsbFlt - ok
21:00:11.0706 0x10fc [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:00:11.0726 0x10fc TsUsbGD - ok
21:00:11.0744 0x10fc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:00:11.0795 0x10fc tunnel - ok
21:00:11.0808 0x10fc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:00:11.0827 0x10fc uagp35 - ok
21:00:11.0853 0x10fc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:00:11.0913 0x10fc udfs - ok
21:00:11.0937 0x10fc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:00:11.0960 0x10fc UI0Detect - ok
21:00:11.0980 0x10fc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:00:11.0998 0x10fc uliagpkx - ok
21:00:12.0015 0x10fc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:00:12.0044 0x10fc umbus - ok
21:00:12.0059 0x10fc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
21:00:12.0083 0x10fc UmPass - ok
21:00:12.0118 0x10fc [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
21:00:12.0154 0x10fc UmRdpService - ok
21:00:12.0175 0x10fc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
21:00:12.0240 0x10fc upnphost - ok
21:00:12.0267 0x10fc [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:00:12.0296 0x10fc usbccgp - ok
21:00:12.0316 0x10fc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:00:12.0350 0x10fc usbcir - ok
21:00:12.0360 0x10fc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:00:12.0383 0x10fc usbehci - ok
21:00:12.0413 0x10fc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:00:12.0448 0x10fc usbhub - ok
21:00:12.0472 0x10fc [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:00:12.0498 0x10fc usbohci - ok
21:00:12.0521 0x10fc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:00:12.0554 0x10fc usbprint - ok
21:00:12.0573 0x10fc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:00:12.0608 0x10fc USBSTOR - ok
21:00:12.0625 0x10fc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:00:12.0644 0x10fc usbuhci - ok
21:00:12.0658 0x10fc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
21:00:12.0707 0x10fc UxSms - ok
21:00:12.0713 0x10fc VaultSvc - ok
21:00:12.0723 0x10fc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:00:12.0740 0x10fc vdrvroot - ok
21:00:12.0773 0x10fc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
21:00:12.0831 0x10fc vds - ok
21:00:12.0851 0x10fc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:00:12.0874 0x10fc vga - ok
21:00:12.0890 0x10fc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:00:12.0931 0x10fc VgaSave - ok
21:00:12.0956 0x10fc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:00:12.0979 0x10fc vhdmp - ok
21:00:13.0004 0x10fc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
21:00:13.0021 0x10fc viaide - ok
21:00:13.0046 0x10fc [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:00:13.0068 0x10fc vmbus - ok
21:00:13.0086 0x10fc [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:00:13.0106 0x10fc VMBusHID - ok
21:00:13.0120 0x10fc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:00:13.0138 0x10fc volmgr - ok
21:00:13.0173 0x10fc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:00:13.0200 0x10fc volmgrx - ok
21:00:13.0236 0x10fc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:00:13.0261 0x10fc volsnap - ok
21:00:13.0285 0x10fc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:00:13.0305 0x10fc vsmraid - ok
21:00:13.0372 0x10fc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
21:00:13.0492 0x10fc VSS - ok
21:00:13.0539 0x10fc [ 93132C69394A99D992095D8CFE464801, A76C0371E9E18B038B0745C3F38AC4E958D43CB87EAB358EB88F431A33EE1F6E ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
21:00:13.0571 0x10fc VST64HWBS2 - ok
21:00:13.0627 0x10fc [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:00:13.0722 0x10fc VST64_DPV - ok
21:00:13.0743 0x10fc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:00:13.0772 0x10fc vwifibus - ok
21:00:13.0794 0x10fc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
21:00:13.0851 0x10fc W32Time - ok
21:00:13.0871 0x10fc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:00:13.0892 0x10fc WacomPen - ok
21:00:13.0908 0x10fc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:00:13.0958 0x10fc WANARP - ok
21:00:13.0965 0x10fc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:00:14.0008 0x10fc Wanarpv6 - ok
21:00:14.0079 0x10fc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:00:14.0146 0x10fc WatAdminSvc - ok
21:00:14.0230 0x10fc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
21:00:14.0330 0x10fc wbengine - ok
21:00:14.0361 0x10fc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:00:14.0394 0x10fc WbioSrvc - ok
21:00:14.0431 0x10fc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:00:14.0477 0x10fc wcncsvc - ok
21:00:14.0492 0x10fc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:00:14.0529 0x10fc WcsPlugInService - ok
21:00:14.0545 0x10fc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
21:00:14.0562 0x10fc Wd - ok
21:00:14.0609 0x10fc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:00:14.0649 0x10fc Wdf01000 - ok
21:00:14.0663 0x10fc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:00:14.0743 0x10fc WdiServiceHost - ok
21:00:14.0752 0x10fc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:00:14.0783 0x10fc WdiSystemHost - ok
21:00:14.0813 0x10fc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
21:00:14.0842 0x10fc WebClient - ok
21:00:14.0868 0x10fc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:00:14.0928 0x10fc Wecsvc - ok
21:00:14.0941 0x10fc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:00:14.0988 0x10fc wercplsupport - ok
21:00:15.0002 0x10fc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
21:00:15.0049 0x10fc WerSvc - ok
21:00:15.0058 0x10fc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:00:15.0100 0x10fc WfpLwf - ok
21:00:15.0112 0x10fc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:00:15.0129 0x10fc WIMMount - ok
21:00:15.0168 0x10fc [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:00:15.0211 0x10fc winachsf - ok
21:00:15.0244 0x10fc WinDefend - ok
21:00:15.0254 0x10fc WinHttpAutoProxySvc - ok
21:00:15.0308 0x10fc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:00:15.0368 0x10fc Winmgmt - ok
21:00:15.0451 0x10fc [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
21:00:15.0585 0x10fc WinRM - ok
21:00:15.0617 0x10fc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
21:00:15.0640 0x10fc WinUSB - ok
21:00:15.0684 0x10fc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:00:15.0751 0x10fc Wlansvc - ok
21:00:15.0765 0x10fc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:00:15.0793 0x10fc WmiAcpi - ok
21:00:15.0814 0x10fc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:00:15.0845 0x10fc wmiApSrv - ok
21:00:15.0856 0x10fc WMPNetworkSvc - ok
21:00:15.0870 0x10fc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:00:15.0898 0x10fc WPCSvc - ok
21:00:15.0913 0x10fc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:00:15.0939 0x10fc WPDBusEnum - ok
21:00:15.0964 0x10fc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:00:16.0016 0x10fc ws2ifsl - ok
21:00:16.0040 0x10fc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
21:00:16.0077 0x10fc wscsvc - ok
21:00:16.0083 0x10fc WSearch - ok
21:00:16.0103 0x10fc wuauserv - ok
21:00:16.0136 0x10fc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:00:16.0160 0x10fc WudfPf - ok
21:00:16.0174 0x10fc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:00:16.0213 0x10fc WUDFRd - ok
21:00:16.0243 0x10fc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:00:16.0277 0x10fc wudfsvc - ok
21:00:16.0299 0x10fc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
21:00:16.0336 0x10fc WwanSvc - ok
21:00:16.0349 0x10fc ================ Scan global ===============================
21:00:16.0372 0x10fc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:00:16.0402 0x10fc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:00:16.0419 0x10fc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:00:16.0450 0x10fc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:00:16.0479 0x10fc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:00:16.0488 0x10fc [ Global ] - ok
21:00:16.0489 0x10fc ================ Scan MBR ==================================
21:00:16.0508 0x10fc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:00:17.0134 0x10fc \Device\Harddisk0\DR0 - ok
21:00:17.0152 0x10fc [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:00:17.0159 0x10fc \Device\Harddisk1\DR1 - ok
21:00:17.0161 0x10fc ================ Scan VBR ==================================
21:00:17.0165 0x10fc [ 10DA451CEEBD20EAEEE92013709FEE75 ] \Device\Harddisk0\DR0\Partition1
21:00:17.0167 0x10fc \Device\Harddisk0\DR0\Partition1 - ok
21:00:17.0176 0x10fc [ 7158EE920C37A50814364F7512134E4B ] \Device\Harddisk0\DR0\Partition2
21:00:17.0198 0x10fc \Device\Harddisk0\DR0\Partition2 - ok
21:00:17.0202 0x10fc [ 074B8C0E27F60C8666847DB7AF6F9A1D ] \Device\Harddisk1\DR1\Partition1
21:00:17.0229 0x10fc \Device\Harddisk1\DR1\Partition1 - ok
21:00:17.0230 0x10fc ================ Scan generic autorun ======================
21:00:17.0257 0x10fc [ 92FDB0658CA16974B4AE80E248A5B118, 9E0CF6A9C845C5F9E4B80B9105DBECE15ACC27984FCBFD8774C00EBE20DB652F ] C:\Windows\system32\igfxtray.exe
21:00:17.0276 0x10fc IgfxTray - ok
21:00:17.0304 0x10fc [ 23A6AE66AA4BEF792649736385BB51BA, FC85E38B2F5F52E970EAE5DAFC3B738BCC8BF596AF3766F0EDA03040664E1F08 ] C:\Windows\system32\hkcmd.exe
21:00:17.0328 0x10fc HotKeysCmds - ok
21:00:17.0352 0x10fc [ F6FA1865978214FB7FCD80149BBF1C13, 3CA24827982B521986DBE1E5600316155800C3777BAF415B978C7FE9F3AA3DD2 ] C:\Windows\system32\igfxpers.exe
21:00:17.0375 0x10fc Persistence - ok
21:00:17.0397 0x10fc AdAwareTray - ok
21:00:17.0483 0x10fc [ DA8B4836B97995D2445CF9E8ADD1E645, 022DC2CA9E70E2CB470995423BC712B4A3A94D9AE774BA458835E56237CCCC2B ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
21:00:17.0528 0x10fc StartCCC - ok
21:00:17.0548 0x10fc Adobe ARM - ok
21:00:17.0614 0x10fc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:00:17.0692 0x10fc Sidebar - ok
21:00:17.0710 0x10fc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:00:17.0747 0x10fc mctadmin - ok
21:00:17.0784 0x10fc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:00:17.0836 0x10fc Sidebar - ok
21:00:17.0853 0x10fc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:00:17.0882 0x10fc mctadmin - ok
21:00:17.0936 0x10fc Spotify Web Helper - ok
21:00:18.0027 0x10fc [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
21:00:18.0097 0x10fc Sidebar - ok
21:00:18.0113 0x10fc AV detected via SS2: Ad-Aware Antivirus, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareSecurityCenter.exe ( 11.3.6321.0 ), 0x40010 ( disabled : outofdate )
21:00:18.0115 0x10fc FW detected via SS2: Ad-Aware Firewall, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareSecurityCenter.exe ( 11.3.6321.0 ), 0x40010 ( disabled )
21:00:18.0119 0x10fc Win FW state via NFP2: enabled
21:00:20.0854 0x10fc ============================================================
21:00:20.0854 0x10fc Scan finished
21:00:20.0854 0x10fc ============================================================
21:00:20.0869 0x1390 Detected object count: 0
21:00:20.0869 0x1390 Actual detected object count: 0
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 15th, 2014, 9:42 pm

Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by Joshua on Mon 09/15/2014 at 21:04:57.14.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Joshua\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

9/15/2014 9:05:48 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Joshua\AppData\LocalLow\Protect deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Windows\Installer\1646a5.msi" deleted
"C:\Users\Joshua\AppData\Roaming\TOSRNFR" deleted

==== Chromium Look ======================

Google Voice Search Hotword (Beta) - Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Chromium Fix ======================

C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Joshua\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Joshua\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istart123.com_0.localstorage deleted successfully
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istart123.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EA08A93E0CC0EE34BAB6EB11CDF469F9 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EA08A93E0CC0EE34BAB6EB11CDF469F9 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Joshua\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=20 folders=4 15129368 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Joshua\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Joshua\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== EOF on Mon 09/15/2014 at 21:20:52.07 ======================
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 15th, 2014, 9:59 pm

No problem executing the instructions.

Still getting popups like mad.

amongst the numerous popups i got just using this forum and executing the instructions got two notable popups off this thread.

hxxp://4343d83bf38ebcec5d64-90e492ccad1e6835a708df980f059ec0.r72.cf5.rackcdn.com/us/8naww/index.html?voluumdata=vid..00000000-5421-44d1-8000-000000000000__vpid..a3403000-3d23-11e4-8b70-a501345907c1__caid..814c276f-2547-4011-9587-585e88b4eb31__lid..7348b4a4-3fc6-4fea-a0d7-ee1e7c35c55c__rt..R__oid1..c66fe8d1-05b6-4347-af0a-8c96dded0b3a__var1..click%5C.%5Cdealshark%5C.%5Ccom__var2..614036&c1=click.dealshark.com&c2=614036


hxxp://adultfriendfinder.com/go/page/landing_page_73?pid=p2003007.sub(affID)&ip=auto&no_click=1&alpo_redirect=1&nid=94&nats=NjI1NTE4fGNsaWNrLmRlYWxzaGFyay5jb218VVNBfHw5MjA3NzE0fGFkdmVydGlzZWNvbXwzMTA2MzR8MTAxNDAzNHwyNC4xODAuMTc1LjUxfDJ8MzF8fDQxfDJ8M3x8MHwzfHwxfDdhODhjN2FlMDQxMTMxNTdlMTFkNTQ5OGUzMTkyZWRl#/regpage/1

both popups from clicking on this thread.

am i gonna have to remove Opera? is that whats diseased? I was watching one of those tools you asked me to use today run, and it checked IE, and i think it even checked Chrome, but I dont know if it checked Opera files for whatever is causing this.

Again, Thank you.


Edit: I came back and edited this to say, Feel free to break those links so someone else isnt surprised by a porn type ad. and when i again clicked on this thread i got an add for

hxxp://www.watchmygf.net/tt1/?nats=MjA4MTI6NDA6MTU&tracker=exo_39d352b0395ba768e18f042c6e2a8621_MzQzOTYzfGNsaWNrLmRlYWxzaGFyay5jb218VVNBfHw2M2MzR8MTAxNDAzNHwyNC4xODAuMTc1LjUxfDJ8MzF8fDQxfDJ8M3x8MHwzfHwxfGNiYWE1NGY0MDI1ZDBiZWFlOTVmYzM3MTY1YjNjNWQ1

again feel free to edit and break these links. or request me to do it with a cease and desist. I'm not a shill for these, they are the pop ups my browser is giving me. I'd like it to stop lol, I never know when the kids are gonna be in the office! >_<
Last edited by NonSuch on September 16th, 2014, 3:30 pm, edited 2 times in total.
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 16th, 2014, 2:18 pm

Hello misfit21ca,

Still getting popups like mad.
amongst the numerous popups i got just using this forum and executing the instructions got two notable popups off this thread.
hxxp://4343d83bf38ebcec5d64-90e492ccad1 ... &c2=614036
Firstly, may I draw your attention to the fact that posting of the malicious links like you did is dangerous because somebody can click on it and infect his computer.
Our forum admins were needed to edit such links for disabling.
Please don't do it again!

am i gonna have to remove Opera?
Yes, please do it and don't install the fresh copy of the Opera until I will allow it later after I finish with cleanup.

Step 1.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *cheapinsurance*
    *coreclickhoo*
    *crossrider*
    *datamngr*
    *dealshark*
    *filescout*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *istart123*
    *MyWay*
    *pricegong*
    *SafeGuard*
    *smartbar*
    *searchab*
    *sprotector*
    *superfish*
    *Tarma*
    *trolltech*
    *vshare*
    *wajam*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *cheapinsurance*
    *coreclickhoo*
    *crossrider*
    *dealshark*
    *datamngr*
    *smartbar*
    *filescout*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *istart123*
    *MyWay*
    *pricegong*
    *SafeGuard*
    *searchab*
    *sprotector*
    *superfish*
    *Tarma*
    *trolltech*
    *vshare*
    *wajam*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    cheapinsurance
    coreclickhoo
    crossrider
    Conduit
    datamngr
    dealshark
    filescout
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    istart123
    MyWay
    pricegong
    SafeGuard
    searchab
    smartbar
    sprotector
    superfish
    Tarma
    trolltech
    vshare
    whitesmoke
    wajam
    Yontoo
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Step 3.
ZOEK Scan
You should still have zoek.exe on your desktop.
  1. Please temporarily disable your AntiVirus program as shown in This topic now to avoid potential conflicts during both download and run.
  2. Close any open browsers.
  3. Right click on zoek.exe and select "Run as administrator..." to run it. If prompted by UAC, please allow it.
  4. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  5. Click the More Options button below the large panel and check the box:
    • Do a Deep Scan
    • Silent Runners
    • Chrome Lookup
    • System Specs
    • Startup Information
    • Installed Programs
    • Uninstall List
    • Recently Created
  6. Click on Run script button
  7. Please wait patiently (it may take a while) until a log report will open (this may be after reboot, if required)
  8. Copy and paste the contents of the opened entire report into your next reply.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the SystemLook.txt log file
  3. Contents of a OTL.txt log file after OTL fresh scan
  4. Contents of the zoek-results.log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 16th, 2014, 8:47 pm

Did not have any problems executing the directions. For Opera I used control panel, add remove programs, uninstalled Opera. Then did a file and folder search for anything with Opera in it. There was none, then restarted the computer and moved on with your prescribed tools.

SystemLook 30.07.11 by jpshortstuff
Log created at 19:55 on 16/09/2014 by Joshua
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\Users\Joshua\Music\Incomplete\T-4098048-Bob Marley - Rivers of Babylon.mp3 --a---- 1249408 bytes [02:34 28/09/2013] [16:53 09/05/2010] C7922197B02FC5B577DFDDB0696EDBD3

Searching for "*Conduit*"
No files found.

Searching for "*cheapinsurance*"
No files found.

Searching for "*coreclickhoo*"
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_coreclickhoo.com_0.localstorage --a---- 3072 bytes [23:30 08/09/2014] [23:30 08/09/2014] 8CDB13AFF8BB48837342AAAAA6713F8D
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_coreclickhoo.com_0.localstorage-journal --a---- 3608 bytes [23:30 08/09/2014] [23:30 08/09/2014] 209F81D3F6E71C2756179345DA306CE2

Searching for "*crossrider*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*dealshark*"
No files found.

Searching for "*filescout*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*istart123*"
C:\zoek_backup\C_Users_Joshua_AppData_Local_Google_Chrome_User Data_Default_Local Storage_http_www.istart123.com_0.localstorage-journal.vir --a---- 3608 bytes [01:16 16/09/2014] [23:28 08/09/2014] 9103F91A7F7DA97830A3EF865ACA648E
C:\zoek_backup\C_Users_Joshua_AppData_Local_Google_Chrome_User Data_Default_Local Storage_http_www.istart123.com_0.localstorage.vir --a---- 3072 bytes [01:16 16/09/2014] [23:28 08/09/2014] AD2F43FE455BBFAF004C46728DA4E650

Searching for "*MyWay*"
No files found.

Searching for "*pricegong*"
No files found.

Searching for "*SafeGuard*"
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Kingsoft Safeguard.xml --a---- 5025 bytes [18:09 10/07/2014] [18:09 10/07/2014] 58306A1A337AAA327ECC8E336AA506AC

Searching for "*smartbar*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*sprotector*"
No files found.

Searching for "*superfish*"
C:\AdwCleaner\Quarantine\C\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal.vir --a---- 3608 bytes [01:53 09/08/2014] [01:53 09/08/2014] 9361F0B7F97C793EC7F1AE7BDF42A432
C:\AdwCleaner\Quarantine\C\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage.vir --a---- 3072 bytes [01:53 09/08/2014] [01:53 09/08/2014] 1B0C88693AD1A35C04B3A44B0D89081E
C:\Users\Joshua\AppData\Local\Microsoft\Internet Explorer\DOMStore\0GQUGEDO\www.superfish[1].xml --a---- 13 bytes [23:39 16/09/2014] [23:39 16/09/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Joshua\AppData\Local\Microsoft\Internet Explorer\DOMStore\TC0F03C7\www.superfish[1].xml --a---- 668 bytes [23:39 16/09/2014] [23:39 16/09/2014] 53B293166416475C2DFA48AB42E2781B
C:\Users\Joshua\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CL5WGAIO\www.superfish[1].xml --a---- 668 bytes [23:49 16/09/2014] [23:49 16/09/2014] 25DFCC42F9BEDC6B7CD66AADCF572988
C:\Users\Joshua\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UP78MJC9\www.superfish[1].xml --a---- 13 bytes [23:49 16/09/2014] [23:49 16/09/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\zoek_backup\C_Users_Joshua_AppData_Local_Google_Chrome_User Data_Default_Local Storage_https_www.superfish.com_0.localstorage-journal.vir --a---- 3608 bytes [01:16 16/09/2014] [03:02 20/07/2014] E8E4FA75EC52375EA9198E6E6F3A7DA2
C:\zoek_backup\C_Users_Joshua_AppData_Local_Google_Chrome_User Data_Default_Local Storage_https_www.superfish.com_0.localstorage.vir --a---- 3072 bytes [01:16 16/09/2014] [03:02 20/07/2014] 59F038189BCA96FA92B473428D3B521A
C:\zoek_backup\C_Users_Joshua_AppData_Roaming_Opera Software_Opera Stable_Local Storage_http_www.superfish.com_0.localstorage-journal.vir --a---- 3608 bytes [01:16 16/09/2014] [00:53 15/09/2014] 992BFE5F2768A26452FB1ACD95604F7C
C:\zoek_backup\C_Users_Joshua_AppData_Roaming_Opera Software_Opera Stable_Local Storage_http_www.superfish.com_0.localstorage.vir --a---- 5120 bytes [01:16 16/09/2014] [00:53 15/09/2014] 3C6FC6E7EB63DDA56EA6D4655F565B7C

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*wajam*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*cheapinsurance*"
No folders found.

Searching for "*coreclickhoo*"
No folders found.

Searching for "*crossrider*"
No folders found.

Searching for "*dealshark*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*filescout*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*istart123*"
No folders found.

Searching for "*MyWay*"
No folders found.

Searching for "*pricegong*"
No folders found.

Searching for "*SafeGuard*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*sprotector*"
No folders found.

Searching for "*superfish*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*wajam*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "cheapinsurance"
No data found.

Searching for "coreclickhoo"
No data found.

Searching for "crossrider"
No data found.

Searching for "Conduit"
No data found.

Searching for "datamngr"
No data found.

Searching for "dealshark"
No data found.

Searching for "filescout"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "istart123"
No data found.

Searching for "MyWay"
No data found.

Searching for "pricegong"
No data found.

Searching for "SafeGuard"
No data found.

Searching for "searchab"
No data found.

Searching for "smartbar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"Path"="C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Users\Joshua\AppData\Local\Smartbar\Application\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Environment]
"Path"="C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Users\Joshua\AppData\Local\Smartbar\Application\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"Path"="C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Users\Joshua\AppData\Local\Smartbar\Application\"

Searching for "sprotector"
No data found.

Searching for "superfish"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"
[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com]
[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com]
[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com]
[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com]

Searching for "Tarma"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "wajam"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 16th, 2014, 8:51 pm

+OTL logfile created on: 9/16/2014 8:14:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joshua\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 78.71% Memory free
6.49 Gb Paging File | 5.07 Gb Available in Paging File | 78.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 345.76 Gb Total Space | 182.89 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
Drive D: | 120.00 Gb Total Space | 114.94 Gb Free Space | 95.78% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 232.76 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: 700GR | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/14 14:03:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Downloads\OTL (1).exe
PRC - [2014/09/04 08:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/24 22:40:44 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/06/20 23:44:14 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014/08/27 12:32:26 | 000,706,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/16 16:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/09 23:11:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 08:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/10 14:09:30 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2014/07/10 14:09:30 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys -- (gzflt)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/16 15:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/26 06:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 15:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 15:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/16 19:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/16 05:59:42 | 000,199,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\efe5b32e.sys -- (E100B)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: 681749B486A67289911A682D301A4BDB897CEC80DF0BB4613678EED13F993FFA ()
CHR - default_search_provider: search_url = C28BE4738F70A608EEFE08459836A4665BAD4D17BE7516317CE156B25BB73204
CHR - default_search_provider: suggest_url =
CHR - homepage: C83883EF74E640D2288FD0BDFD1DFAF3DAD2CF646741AC1433BF9E1061131F18
CHR - homepage:
CHR - Extension: Google Docs = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Google Search = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/07/21 21:29:05 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000..\Run: [Spotify Web Helper] C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: NameServer = 81.218.119.15,199.203.35.75
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/27 14:17:54 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/15 21:20:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/09/15 21:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/09/15 21:18:41 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Temp
[2014/09/15 21:04:52 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/09/15 18:48:07 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joshua\Desktop\tdsskiller.exe
[2014/09/14 18:36:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/14 14:07:09 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/14 14:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/14 14:06:43 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/14 14:06:43 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/14 14:06:43 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/14 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/14 14:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/12 20:09:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/12 19:40:30 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/09/12 19:39:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/11 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Techsnab
[2014/09/10 03:07:10 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/10 03:07:10 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/10 03:07:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/10 03:07:07 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/10 03:07:07 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/10 03:07:07 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/10 03:07:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/10 03:07:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/10 03:07:07 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/10 03:07:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/10 03:07:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/10 03:07:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/10 03:07:06 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/10 03:07:06 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/10 03:07:06 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/10 03:07:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/10 03:07:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/10 03:07:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/10 03:07:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/10 03:07:04 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/10 03:07:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/10 03:07:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/10 03:07:03 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/10 03:07:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/10 03:07:01 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/10 03:07:01 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/10 03:07:01 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/10 03:07:01 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/10 03:07:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/10 03:07:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/10 03:07:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/10 03:07:00 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/10 03:06:56 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/10 03:06:55 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/10 03:06:55 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/10 03:00:57 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/10 03:00:57 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/09 23:10:19 | 010,036,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/09 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Lavasoft
[2014/09/09 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\LavasoftStatistics
[2014/09/09 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/09/09 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/09/09 21:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/09/09 21:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/09/09 21:35:43 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/09 21:35:43 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/09 21:34:52 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/09 21:33:38 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/09 21:33:36 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/09 21:33:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/28 20:32:17 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Adobe
[2014/08/27 20:46:51 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll

========== Files - Modified Within 30 Days ==========

[2014/09/16 20:09:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/16 19:50:10 | 000,033,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/16 19:50:10 | 000,033,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/16 19:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/16 19:43:35 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/09/16 19:43:08 | 000,001,688 | ---- | M] () -- C:\Windows\tasks\TOSRNFR.job
[2014/09/16 19:43:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/16 19:43:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/16 19:42:53 | 2615,365,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/15 21:57:42 | 000,001,887 | ---- | M] () -- C:\Users\Joshua\Desktop\New Rich Text Document.rtf
[2014/09/15 21:04:52 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/09/15 21:04:06 | 001,290,240 | ---- | M] () -- C:\Users\Joshua\Desktop\zoek.exe
[2014/09/15 18:48:25 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joshua\Desktop\tdsskiller.exe
[2014/09/14 20:23:37 | 000,007,601 | ---- | M] () -- C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg
[2014/09/14 19:46:27 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/14 18:35:43 | 000,001,474 | ---- | M] () -- C:\Users\Joshua\Desktop\OTL (1).exe - Shortcut.lnk
[2014/09/14 14:06:46 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/12 20:24:52 | 000,001,114 | ---- | M] () -- C:\Users\Joshua\Desktop\SystemLook_x64 - Shortcut.lnk
[2014/09/12 20:08:38 | 000,001,432 | ---- | M] () -- C:\Users\Joshua\Desktop\JRT - Shortcut.lnk
[2014/09/12 19:38:41 | 000,001,559 | ---- | M] () -- C:\Users\Joshua\Desktop\adwcleaner_3.310 - Shortcut.lnk
[2014/09/11 19:42:10 | 000,001,492 | ---- | M] () -- C:\Users\Joshua\Desktop\CKScanner.exe - Shortcut.lnk
[2014/09/10 03:38:36 | 000,782,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/10 03:38:36 | 000,662,158 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/10 03:38:36 | 000,122,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/10 03:05:33 | 000,774,132 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/09 23:10:29 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/09 23:10:29 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/09 23:10:19 | 010,036,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/08 21:20:43 | 000,000,534 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/09/08 19:47:45 | 000,002,273 | ---- | M] () -- C:\Users\Joshua\Desktop\Google Chrome.lnk
[2014/09/08 19:47:17 | 000,002,297 | ---- | M] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/08 19:47:17 | 000,001,455 | ---- | M] () -- C:\Users\Joshua\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/08 19:35:12 | 000,000,679 | ---- | M] () -- C:\Windows\PCHealthFix.INI
[2014/09/04 22:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/04 22:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/28 18:12:19 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/22 22:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/18 18:29:35 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/18 18:19:53 | 005,833,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/18 18:15:34 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/18 18:15:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/18 18:14:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/18 18:14:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/18 18:08:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/18 18:05:01 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/18 18:03:47 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/18 18:03:01 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/18 17:56:17 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/18 17:51:29 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/18 17:45:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/18 17:45:12 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/18 17:44:44 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/18 17:44:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/18 17:40:29 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/18 17:39:19 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/18 17:39:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/18 17:38:12 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/18 17:37:17 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/18 17:36:07 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/18 17:35:24 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/18 17:25:40 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/18 17:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/18 17:23:17 | 002,104,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/18 17:23:16 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/18 17:22:48 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/18 17:19:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/18 17:17:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/18 17:08:54 | 002,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/18 17:07:44 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/18 16:38:41 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/18 16:36:30 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

========== Files Created - No Company Name ==========

[2014/09/15 21:18:42 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/09/15 21:04:00 | 001,290,240 | ---- | C] () -- C:\Users\Joshua\Desktop\zoek.exe
[2014/09/14 20:23:37 | 000,007,601 | ---- | C] () -- C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg
[2014/09/14 18:34:41 | 000,001,474 | ---- | C] () -- C:\Users\Joshua\Desktop\OTL (1).exe - Shortcut.lnk
[2014/09/14 14:06:46 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/12 20:24:24 | 000,001,114 | ---- | C] () -- C:\Users\Joshua\Desktop\SystemLook_x64 - Shortcut.lnk
[2014/09/12 19:59:53 | 000,001,432 | ---- | C] () -- C:\Users\Joshua\Desktop\JRT - Shortcut.lnk
[2014/09/12 19:38:33 | 000,001,559 | ---- | C] () -- C:\Users\Joshua\Desktop\adwcleaner_3.310 - Shortcut.lnk
[2014/09/11 19:40:00 | 000,001,492 | ---- | C] () -- C:\Users\Joshua\Desktop\CKScanner.exe - Shortcut.lnk
[2014/09/09 21:47:15 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/09/08 19:35:47 | 000,001,688 | ---- | C] () -- C:\Windows\tasks\TOSRNFR.job
[2014/09/08 19:33:18 | 000,000,679 | ---- | C] () -- C:\Windows\PCHealthFix.INI
[2014/06/03 22:29:31 | 000,000,534 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/25 04:03:36 | 000,774,132 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/28 21:03:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/16 16:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/11/16 16:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 16th, 2014, 9:00 pm

Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by Joshua on Tue 09/16/2014 at 20:30:32.61.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Joshua\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-09-16-012052.log 6050 bytes

==== Installed Programs ======================

Ad-Aware Antivirus
AdAwareInstaller
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader X (10.1.12)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AntimalwareEngine
Battle.net
Catalyst Control Center - Branding
Catalyst Control Center
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Diablo III
EQ2MAP Updater 1.2.10
EverQuest
EverQuest II
GamParse
Google Chrome
Google Earth
Guild Wars 2
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
Legends of Norrath
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
NVIDIA Drivers
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Spotify
World of Warcraft

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Joshua\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3326 MB
CPU Info: Intel(R) Pentium(R) D CPU 3.40GHz
CPU Speed: 3464.3 MHz
Sound Card: Speakers (High Definition Audio |
Display Adapters: ATI Radeon HD 4650 | ATI Radeon HD 4650 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic Non-PnP Monitor | Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Intel(R) PRO/100 VE Network Connection
CD / DVD Drives: 2x (G: | H: | ) G: _NEC DVD_RW ND-2510A | H: CD-ROM F565E
Ports: COM3 | COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 345.8GB | D: 120.0GB | F: 232.9GB
Hard Disks - Free: C: 182.9GB | D: 114.9GB | F: 232.8GB
Manufacturer *: Intel Corp.
BIOS Info: AT/AT COMPATIBLE | 05/01/06 | ACRSYS - 6d
Time Zone: Eastern Standard Time
Motherboard *: Intel Corporation D945GCZ
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Ad-Aware Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Ad-Aware Antivirus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Ad-Aware Firewall disabled
Internet Explorer Version: 11.0.9600.17280
Google Chrome version: 37.0.2062.120
Adobe Reader version: 10.1.12.15
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-09-08 23:33:18 12C0F7BB320E9B0BD65DCC036A01FB88 679 ----a-w- C:\Windows\PCHealthFix.INI
====== C:\Users\Joshua\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-09-12 23:40:30 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-09-10 07:07:10 297EF1AB73B8FCE76BCA1365C2E49AFC 440320 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-09-10 07:07:09 E3D7B3F64C30994409BDF8E48048A854 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 07:07:08 6DD476318F524D2DCB73AFEB2EE27B4A 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 07:07:07 84E96F4AF8A7748A3DE7C3EBBC6768E5 365056 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 07:07:07 42F6F28D4885505F687CAF0459FF9F90 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 07:07:06 CC8F34B345DA638D77BB48C035DA628D 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-09-10 07:07:06 4F2EDC301EC63F803C0FDB6CC87EDA24 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-09-10 07:07:06 010DFAF3EF93994B805BAA1493D47973 243200 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 07:07:05 D603AC77E17E5B9583E382F2EE0381A7 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 07:07:05 7C3D593AB1E2F5E5687D97772EF99AC7 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-09-10 07:07:05 13C2C87C35E52AAB1B439FB2E26DF2DE 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 07:07:05 074646C5A979DE79133DE4A8530A9C5D 603136 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 07:07:04 AA595171932ACC79DA9851067DCBDABF 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-09-10 07:07:04 8D4FCAB2643DFEF68040B70F1EDCCBC5 327872 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 07:07:03 77F79126444896B5867E6761490735B8 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 07:07:03 2E2E40E5D92EEA979548E307C5781038 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 07:07:01 88EBB8526981D03C5777AB0A4AEBA8B4 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 07:07:01 5074835337862817DB3726558D0908DE 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 07:07:01 1D8C086A39B9794D7131384586811B25 678400 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 07:06:58 FD96C05DE700F5FD26273D6DDB6495A7 2185728 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-09-10 07:06:57 D58988722C72D265B51A54103DFC2C6F 1812992 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-09-10 07:06:56 77B7DDF91F3ED2CDB6CF60224EE13433 4232704 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-09-10 07:06:56 41010A88B70A2168F801DC19EBD4CB4F 1190400 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-09-10 07:06:55 6A3A809CA7A8F40C89E6F1D301898A66 2014208 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 07:06:52 7BF1CE9240CB9DD27C3E30733176EB8E 17455104 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-09-10 07:06:51 A3560FAFC1686D5EE9830B33B5C74B66 11769856 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-09-10 07:00:57 2413D2216D08FAF7D7178D9E0B481AEB 2285056 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 03:10:19 A6293CD660C1CA2A42EF001B0A0D2B11 10036224 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 01:35:43 A8DDB7ACB122FC36FF0D7C9B3099A380 793600 ----a-w- C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 01:34:53 1B85FA0D0A93C011B76678733F39DB6C 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-09-10 01:34:51 B094390B6B2D0456821384771020870B 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-09-10 01:34:51 10826DA2FC073702AEAB93AF3D73B066 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2014-09-10 01:33:38 79896A78039C9A63C56197843CFBAD0B 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-09-10 07:07:10 9EFF09364ABDC86770FA0B1BCC9CA3C3 596480 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-09-10 07:07:09 1BE1D1942825BE2146941DA274D2B92F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-09-10 07:07:07 EF79F0B9E0F277F5797C475DF4248B97 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-09-10 07:07:07 EE6B22396FA99639A163B1B7E9736669 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-09-10 07:07:07 A0600300428AB73664050659E738F11F 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-09-10 07:07:07 786ECD92C9D77F571134283E0FABAF1A 289280 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-09-10 07:07:07 4CF33E458BAEDA917CAE9F2E8338479C 446464 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-09-10 07:07:07 305D5395A65D00C74A94AEA40E9909E9 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-09-10 07:07:07 2D95BDB699FA1D531B642EA18464FE05 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-09-10 07:07:07 0113777A28BEC88A50C2566F346E4B58 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-09-10 07:07:06 E76C23C71345ACBC65ED8F6E87AD01D1 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-09-10 07:07:06 641068C626DE3AD348871D0D7931A3FA 547328 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-09-10 07:07:05 C07D636B0237172345E68AE8B70A2984 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-09-10 07:07:05 C067D863FCD53B91A5BF78AE1CE88E54 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-09-10 07:07:05 2AEFBA4339A34C8EF021B49D23D1F1DF 727040 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-09-10 07:07:04 A1BB4CFB25F7CE1D4F67DD71111823AA 374968 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-09-10 07:07:04 68B0077C0D09D1B669A260F2921FD6B9 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-09-10 07:07:04 33BAC6F66DB5FE5F7E20D41B025F490E 707072 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-09-10 07:07:02 920BD93A0B64657A20CA66C2EBB167EA 23591424 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-09-10 07:07:01 698C19E198F832E071778A1427E942C8 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-09-10 07:07:01 4C8838D7C13E9080AF4B548CA791896B 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-09-10 07:07:01 227303FC6E95547EA274F4337BBC7278 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-09-10 07:07:01 1439630B47D717960D59423958754394 775168 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-09-10 07:07:00 5A0C72B9D3CCA42D8AB74890C19443B2 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-09-10 07:06:58 75498A52C2AE248DEE5BDF5209768963 2793984 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-09-10 07:06:57 39EBB9708453036A74C30C9A294023FF 2310656 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-09-10 07:06:56 F6304AACC5744016770C8C797CAA2AF7 5833728 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-09-10 07:06:55 FECA80905D551074E1A9298BD98103B7 1447424 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-09-10 07:06:55 97752927B6E2401011A96E0D6082E403 2104832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-09-10 07:06:51 BA56C68CCB912C4C08C97DD32C47AD31 13588480 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-09-10 07:00:57 3469B9FAE899139FEE7356E91693376A 2777088 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll
2014-09-10 01:35:43 EFF3FF9D9E5BFD2A05390D959A1C3AD0 1031168 ----a-w- C:\Windows\Sysnative\TSWorkspace.dll
2014-09-10 01:34:53 33EF550DCCC58C93F5B65FD75BAD9832 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-09-10 01:34:52 EE4B105F1DBE1E864AFC72E7F0315432 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-09-10 01:33:38 224C2EEBAAF39CD93DE5332DBE5E5A95 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll
2014-09-10 01:33:36 E2BCB58869598B392D6A78953F61A2D9 578048 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-09-10 01:33:35 88BC88D0BDFB6BBE5765D5ABB233C110 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
====== C:\Windows\Sysnative\drivers =====
2014-09-14 18:07:09 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-09-14 18:06:43 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-09-14 18:06:43 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-09-14 18:06:43 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
2014-09-11 22:43:03 B7597E9BDA3B640C2C2F16E76D5C1304 3296 ----a-w- C:\Windows\Sysnative\Tasks\Chrome Launcher
2014-09-08 23:45:58 4C5C888F49633166CDF331664D323563 3142 ----a-w- C:\Windows\Sysnative\Tasks\{5650BB43-3DB3-49D3-9CE1-B68665637D9A}
2014-09-08 23:35:47 2A2681FC5213B810851E5890339769CF 1688 ----a-w- C:\Windows\Tasks\TOSRNFR.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-10 01:46:53 -------- d-----w- C:\Program Files\Lavasoft
2014-09-10 01:45:50 -------- d-----w- C:\Program Files\Common Files\Lavasoft
======= C:\PROGRA~2 =====
2014-09-11 22:43:00 -------- d-----w- C:\PROGRA~2\Techsnab
======= C: =====
====== C:\Users\Joshua\AppData\Roaming ======
2014-09-16 01:18:42 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-09-16 01:18:41 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-09-16 01:18:41 -------- d-----w- C:\Users\Joshua\AppData\Local\Temp
2014-09-16 01:18:41 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-09-16 01:18:41 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-09-15 00:23:37 F897807C2FA9F48F56C5E62A474CCDD5 7601 ----a-w- C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg
2014-09-11 00:53:21 EC5F489F856E306B9FF88BEFAC939983 1788 ----a-w- C:\Users\Joshua\AppData\Locallow\b0de3e19.0
2014-09-10 02:00:52 -------- d-----w- C:\Users\Joshua\AppData\Roaming\Lavasoft
2014-09-10 01:47:23 -------- d-----w- C:\Users\Joshua\AppData\Roaming\LavasoftStatistics
2014-09-10 01:26:39 85422D3E146778D1D65762344511D392 1349 ----a-w- C:\Users\Joshua\AppData\Locallow\69105f4f.0
2014-08-29 00:32:17 -------- d-----w- C:\Users\Joshua\AppData\Local\Adobe
====== C:\Users\Joshua ======
2014-09-15 22:48:07 D40E7B5FBB8E0EAA7C5C294389AF95AB 4181856 ----a-w- C:\Users\Joshua\Desktop\tdsskiller.exe
2014-09-14 18:04:30 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Joshua\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 18:03:25 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Joshua\Downloads\OTL (1).exe
2014-09-14 18:00:06 64036987FDD56ACBE09AEB6570B8F128 468480 ----a-w- C:\Users\Joshua\Downloads\CKScanner (1).exe
2014-09-14 17:59:06 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Joshua\Downloads\SystemLook_x64 (2).exe
2014-09-14 17:58:10 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Joshua\Downloads\JRT (1).exe
2014-09-14 17:57:27 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\Joshua\Downloads\adwcleaner_3.310 (1).exe
2014-09-13 03:35:09 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Joshua\Downloads\SystemLook_x64 (1).exe
2014-09-13 00:24:02 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Joshua\Downloads\SystemLook_x64.exe
2014-09-12 23:59:26 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Joshua\Downloads\JRT.exe
2014-09-12 23:37:19 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\Joshua\Downloads\adwcleaner_3.310.exe
2014-09-10 01:47:44 13BBE2FF13DF8586AAEB343EF910DBAB 2806920 ----a-w- C:\Users\Joshua\Downloads\Adaware_Installer (1).exe
2014-09-10 01:47:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-09-10 01:44:44 -------- d-----w- C:\ProgramData\Lavasoft
2014-09-10 01:44:24 13BBE2FF13DF8586AAEB343EF910DBAB 2806920 ----a-w- C:\Users\Joshua\Downloads\Adaware_Installer.exe
2014-09-08 23:36:24 -------- d--h--w- C:\Users\Public\Temp

====== C: exe-files ==
2014-09-15 22:48:07 D40E7B5FBB8E0EAA7C5C294389AF95AB 4181856 ----a-w- C:\Users\Joshua\Desktop\tdsskiller.exe
2014-09-14 18:04:30 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Joshua\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 18:03:25 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Joshua\Downloads\OTL (1).exe
2014-09-14 18:00:06 64036987FDD56ACBE09AEB6570B8F128 468480 ----a-w- C:\Users\Joshua\Downloads\CKScanner (1).exe
2014-09-14 17:59:06 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Joshua\Downloads\SystemLook_x64 (2).exe
2014-09-14 17:58:10 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Joshua\Downloads\JRT (1).exe
2014-09-14 17:57:27 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\Joshua\Downloads\adwcleaner_3.310 (1).exe
2014-09-13 03:35:09 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Joshua\Downloads\SystemLook_x64 (1).exe
2014-09-13 02:50:53 E8A50A9E177661FA99EE0871C3B16FDB 39982160 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.120\37.0.2062.120_chrome_installer.exe
2014-09-13 00:24:02 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Joshua\Downloads\SystemLook_x64.exe
2014-09-12 23:59:26 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Joshua\Downloads\JRT.exe
2014-09-12 23:37:19 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\Joshua\Downloads\adwcleaner_3.310.exe
2014-09-12 21:49:41 198DC8EE284854EBDCB0977FCEA50B18 2391632 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.120\37.0.2062.120_37.0.2062.103_chrome_updater.exe
2014-09-11 22:43:00 6F5771B53DB57E06E546EFA39CEED71C 55720 ----a-w- C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe
2014-09-11 22:43:00 0150918679D3501AA7C1275D500311F1 16152 ----a-w- C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe
2014-09-10 07:07:09 ED689CF5DA7A0374D2A8E3A8550522F7 483328 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-09-10 07:07:09 665256B575BF83E4B188BE73450C5C29 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-09-10 07:07:09 4DABFE3A9D3C67E9D9AD83C7F8FAD855 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-09-10 07:07:09 0D75A74E925F00D9F256F6A53733DAF8 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-09-10 07:07:07 42F6F28D4885505F687CAF0459FF9F90 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 07:07:07 2D95BDB699FA1D531B642EA18464FE05 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-10 07:07:04 33BAC6F66DB5FE5F7E20D41B025F490E 707072 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-09-10 07:07:01 698C19E198F832E071778A1427E942C8 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-10 07:07:00 5A0C72B9D3CCA42D8AB74890C19443B2 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-10 07:06:55 EEA63B8CF19E59C4A51AD2D9A59DDA25 812216 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-09-10 07:06:55 9540F3F5489747E71101E8AC9850CC79 810168 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-09-10 03:10:19 A6293CD660C1CA2A42EF001B0A0D2B11 10036224 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 01:47:44 13BBE2FF13DF8586AAEB343EF910DBAB 2806920 ----a-w- C:\Users\Joshua\Downloads\Adaware_Installer (1).exe
2014-09-10 01:44:24 13BBE2FF13DF8586AAEB343EF910DBAB 2806920 ----a-w- C:\Users\Joshua\Downloads\Adaware_Installer.exe
2014-09-10 01:33:35 1386CD9322CD4A673FF96BF136D91633 31232 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
2014-09-10 01:33:35 0C3028324C475485D6C24D626D9149C3 176288 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
=== C: other files ==
2014-09-14 18:07:09 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-14 18:06:43 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-14 18:06:43 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-14 18:06:43 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AdAwareTray"="C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/09/2014 11:11 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/29/2013 09:04 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/29/2013 09:04 AM]
C:\Windows\tasks\TOSRNFR.job --a------ C:\Users\Joshua\AppData\Roaming\TOSRNFR.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Chrome Launcher" [C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GPUpdateCheck" ["C:\Program Files (x86)\GetPrivate\gpup.exe"]

==== Chromium Look ======================

Google Docs - Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Google Search - Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Uninstall List x64 ======================

Ad-Aware Antivirus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater]
AdAwareInstaller [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0851BE65-294B-4BBA-8A0D-C1320DCBBCA3}]
Adobe Flash Player 15 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 15 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Reader X (10.1.12) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AA1000000001}]
AMD Accelerated Video Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{66F8CA06-DAEE-8F7B-FEF9-2A59E622BBA7}]
AMD APP SDK Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}]
AMD Catalyst Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A70B905D-2E57-66A0-3BFE-66B8E71E0C70}]
AMD Drag and Drop Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D3DE00DF-4EFB-8013-3E93-D735E69CAF6A}]
AMD Media Foundation Decoders [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF1AFD96-296C-421E-FF16-16EB9350D54D}]
AntimalwareEngine [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC347FC6-C8D7-493A-B70E-1D89E22691A7}]
Battle.net [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Battle.net]
Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}]
Catalyst Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D45CCE2-F5F7-BAD9-C06E-51FC0DD6CCA2}]
Catalyst Control Center Graphics Previews Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{280A0282-7895-61C0-824F-A39AE1B71CDA}]
Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6113E54-9D89-18D0-5288-62D081A9A380}]
Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9D84363-82E3-4951-DEAF-BAEB62A55195}]
ccc-utility64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C7189B8D-3861-B2D5-A948-582134C2B21E}]
CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49A2AD60-9E15-297B-B502-FE5550CB1660}]
CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20A3AAE7-B559-FBB1-92C6-AF3D5FED9E92}]
CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D4008E9D-8A0A-E3CE-F987-5EEA38A6017F}]
CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{46537879-F1AB-0BFD-77F2-AD0F6719623A}]
CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F3DE7631-3D3E-4B0D-F832-5A17A8138A69}]
CCC Help English [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0AF0419B-6603-5DDC-1C12-D4CE757C8345}]
CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{989EF5D6-F20D-7D17-57CE-60ACD155CF13}]
CCC Help French [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2B2F061B-CEB6-3DF9-AA8A-9907CFED93DB}]
CCC Help German [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0CB6074C-6CD0-C3E7-0633-896B4738C0D6}]
CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1211AC7A-31C3-391D-BA7F-54C37DE0F262}]
CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A0B5A51-282D-49EA-48DA-14B2486E5B33}]
CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C226DDBF-A740-F6E2-9859-08D1581C7507}]
CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6443DF74-8F5B-4113-560F-47CD142D3916}]
CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E135A549-5A50-4EB0-05F9-C25F91485287}]
CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C50988F-0533-D5A6-B46C-8B6BB5A92F74}]
CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{182EBA66-E694-BF7F-09D7-B5433F5AA9FE}]
CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23A999B4-2696-39CF-A587-F89E414D5519}]
CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{219611BE-3B5D-33EE-F3AD-9BD7282FE795}]
CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{62A09364-9839-D02F-2565-6749CEAF08F4}]
CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{77CBF305-64B5-CC66-673C-CAE5CACCA640}]
CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A5A5ADA2-A13F-BE10-A38C-A20B0BD345C9}]
CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{52E27109-C485-7E96-8B92-C7431FB9B511}]
Diablo III [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Diablo III]
EQ2MAP Updater 1.2.10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EQ2MAP Updater]
EverQuest [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\soe-EverQuest]
EverQuest II [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SOE-EverQuest II]
GamParse [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\6f16172c295f43ac]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}]
Guild Wars 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Guild Wars 2]
Intel(R) Graphics Media Accelerator Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDMI]
Intel(R) Network Connections Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PROSet]
Legends of Norrath [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SOE-LegendsOfNorrath]
Malwarebytes Anti-Malware version 2.0.2.1012 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}]
NVIDIA Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers]
Spotify [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spotify]
World of Warcraft [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\World of Warcraft]

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: NameServer = 81.218.119.15,199.203.35.75
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Spotify Web Helper = "C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [Spotify Ltd]
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
AdAwareTray = "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe" [Lavasoft]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
-> {HKLM...CLSID} = DisplayCplExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

AdAwareContextMenu\(Default) = {5B64240D-5B36-4B9F-A75F-4925B6A53D5B}
-> {HKLM...CLSID} = AdAwareContextMenu Class
\InProcServer32\(Default) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll [Lavasoft]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]


Windows Sidebar Gadgets: {++}
------------------------

C:\Users\Joshua\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCPU.Gadget"


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Chrome Launcher -> launches: C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [null data]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GPUpdateCheck -> launches: "C:\Program Files (x86)\GetPrivate\gpup.exe" [file not found]
{5650BB43-3DB3-49D3-9CE1-B68665637D9A} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Joshua\AppData\Roaming\istart123\UninstallManager.exe -c -ptid=irs [MS]
{E5D95BAA-60B9-45AE-B5FD-55A291A8B9D7} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Joshua\AppData\Local\Temp\Temp2_GamParse_1_0_3_2 (1).zip\setup.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3345505721-2628896921-2782180944-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware Service 11, LavasoftAdAwareService11, "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe" [Lavasoft]
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]


<<H>>: Suspicious data at a browser hijack point.


==== C:\zoek_backup content ======================

C:\zoek_backup (files=20 folders=4 15129368 bytes)

==== EOF on Tue 09/16/2014 at 20:35:55.51 ======================

pgmigg wrote: Firstly, may I draw your attention to the fact that posting of the malicious links like you did is dangerous because somebody can click on it and infect his computer.
Our forum admins were needed to edit such links for disabling.
Please don't do it again!

misfit21ca wrote:Edit: I came back and edited this to say, Feel free to break those links so someone else isnt surprised by a porn type ad. and when i again clicked on this thread i got an add for

again feel free to edit and break these links. or request me to do it with a cease and desist. I'm not a shill for these, they are the pop ups my browser is giving me. I'd like it to stop lol, I never know when the kids are gonna be in the office! >_<


Yea I was worried about that. Checked back a few times to see if there was a request for me to break the links. Sorreh!

Also, exactly 19 popups executing the instructions and putting the info in the thread, with Internet Explorer, after removing Opera.
The links were from pchealthboost . com, windows-messages .com, tuneuppro .com, bulletflix .com, Mcafee .com, Purifier .cc, yourmediahq .com, buzzplay .com, nortonspecials .com, idownloadplay .com, flix123 .com.
All the popups start with a t.cttsrv .com/texred address redirector before the ad loads.

Again, thank you for your time and efforts and I'm sorry about the links. I was just trying to be thorough.
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby pgmigg » September 16th, 2014, 11:51 pm

Hello misfit21ca,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    CHR - default_search_provider: 681749B486A67289911A682D301A4BDB897CEC80DF0BB4613678EED13F993FFA ()
    CHR - default_search_provider: search_url = C28BE4738F70A608EEFE08459836A4665BAD4D17BE7516317CE156B25BB73204
    CHR - homepage: C83883EF74E640D2288FD0BDFD1DFAF3DAD2CF646741AC1433BF9E1061131F18
    CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    
    :Files
    C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_coreclickhoo.com_0.localstorage
    C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_coreclickhoo.com_0.localstorage-journal
    C:\Users\Joshua\AppData\Local\Microsoft\Internet Explorer\DOMStore\0GQUGEDO\www.superfish[1].xml
    C:\Users\Joshua\AppData\Local\Microsoft\Internet Explorer\DOMStore\TC0F03C7\www.superfish[1].xml
    C:\Users\Joshua\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CL5WGAIO\www.superfish[1].xml
    C:\Users\Joshua\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UP78MJC9\www.superfish[1].xml
    C:\Users\Joshua\AppData\Roaming\TOSRNFR.exe
    C:\Users\Joshua\AppData\Local\Smartbar
    C:\Windows\PCHealthFix.INI
    C:\Windows\ativpsrm.bin
    C:\Windows\tasks\TOSRNFR.job
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [-HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com]
    [-HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com]
    [-HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com]
    [-HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Trolltech]
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Scan with FRST
  1. Please download FRST ... by Farbar, from the link For 64-bit Systems and save it to your Desktop.
  2. Right-click FRST.exe and select "Run as administrator..." to run it.
  3. When the tool opens click Yes to the disclaimer.
  4. Check the box labeled List BCD under Optional Scan.
  5. Press Scan button. ... When finished a log file FRST.txt will be created .
  6. The first time the tool is run, it will create another log... Addition.txt.
  7. Please post the content of both FRST.txt and Addition.txt in your next reply.

Then:
Please tell me is this computer used for any kind of business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the FRST.txt file
  4. Contents of the Addition.txt file
  5. Answers to my question related to type of using of your computer
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 17th, 2014, 10:17 pm

No problems executing the instructions.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific\x86-64_ folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_platform_specific folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\_metadata folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\images folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\audio folder moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0 folder moved successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
========== FILES ==========
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_coreclickhoo.com_0.localstorage moved successfully.
C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_coreclickhoo.com_0.localstorage-journal moved successfully.
File\Folder C:\Users\Joshua\AppData\Local\Microsoft\Internet Explorer\DOMStore\0GQUGEDO\www.superfish[1].xml not found.
File\Folder C:\Users\Joshua\AppData\Local\Microsoft\Internet Explorer\DOMStore\TC0F03C7\www.superfish[1].xml not found.
File\Folder C:\Users\Joshua\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CL5WGAIO\www.superfish[1].xml not found.
File\Folder C:\Users\Joshua\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UP78MJC9\www.superfish[1].xml not found.
File\Folder C:\Users\Joshua\AppData\Roaming\TOSRNFR.exe not found.
File\Folder C:\Users\Joshua\AppData\Local\Smartbar not found.
C:\Windows\PCHealthFix.INI moved successfully.
C:\Windows\ativpsrm.bin moved successfully.
C:\Windows\tasks\TOSRNFR.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joshua\Downloads\cmd.bat deleted successfully.
C:\Users\Joshua\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\\DllName not found.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3345505721-2628896921-2782180944-1000\Software\Trolltech\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: dub_cm_auto

User: Joshua
->Flash cache emptied: 1025 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: dub_cm_auto

User: Joshua

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dub_cm_auto

User: Joshua
->Temp folder emptied: 64244 bytes
->Temporary Internet Files folder emptied: 13348666 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 6050 bytes

Total Files Cleaned = 13.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09172014_215301

Files\Folders moved on Reboot...
C:\Users\Joshua\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 17th, 2014, 10:18 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Joshua (administrator) on 700GR on 17-09-2014 22:07:07
Running from C:\Users\Joshua\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
(Spotify Ltd) C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3345505721-2628896921-2782180944-1000\...\Run: [Spotify Web Helper] => C:\Users\Joshua\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-24] (Spotify Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{99CE28D5-4235-4B99-8D50-EA7CF33AB921}: [NameServer] 81.218.119.15,199.203.35.75

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> C83883EF74E640D2288FD0BDFD1DFAF3DAD2CF646741AC1433BF9E1061131F18
CHR DefaultSearchKeyword: Default -> C1F1B681A0295928C5EAE76BAED4BC3F261920A10FCF0720A5EC083FBF32C366
CHR DefaultSearchProvider: Default -> 681749B486A67289911A682D301A4BDB897CEC80DF0BB4613678EED13F993FFA
CHR DefaultSearchURL: Default -> C28BE4738F70A608EEFE08459836A4665BAD4D17BE7516317CE156B25BB73204
CHR Profile: C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-28]
CHR Extension: (Google Drive) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-28]
CHR Extension: (Norton Identity Safe) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-31]
CHR Extension: (Google Wallet) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]
CHR Extension: (Gmail) - C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [199032 2007-11-16] (Intel Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2009-07-16] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 22:07 - 2014-09-17 22:08 - 00007699 _____ () C:\Users\Joshua\Desktop\FRST.txt
2014-09-17 22:06 - 2014-09-17 22:07 - 00000000 ____D () C:\FRST
2014-09-17 22:05 - 2014-09-17 22:05 - 02105856 _____ (Farbar) C:\Users\Joshua\Desktop\FRST64.exe
2014-09-17 22:03 - 2014-09-17 22:03 - 02105856 _____ (Farbar) C:\Users\Joshua\Downloads\FRST64.exe
2014-09-17 21:57 - 2014-09-17 21:57 - 00020020 _____ () C:\Users\Joshua\Desktop\09172014_215301.log
2014-09-17 21:55 - 2014-09-17 21:55 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-09-16 20:39 - 2014-09-16 20:39 - 00058969 _____ () C:\Users\Joshua\Desktop\zoek-results.txt
2014-09-16 20:32 - 2014-09-15 21:20 - 00006050 _____ () C:\zoek-results2014-09-16-012052.log
2014-09-16 20:21 - 2014-09-16 20:27 - 00075840 _____ () C:\Users\Joshua\Downloads\OTL.Txt
2014-09-16 20:21 - 2014-09-16 20:21 - 00046330 _____ () C:\Users\Joshua\Downloads\Extras.Txt
2014-09-16 20:12 - 2014-09-16 20:12 - 00012382 _____ () C:\Users\Joshua\Desktop\New Text Document (5).txt
2014-09-16 19:55 - 2014-09-16 20:08 - 00024764 _____ () C:\Users\Joshua\Downloads\SystemLook.txt
2014-09-16 19:30 - 2014-09-16 19:38 - 00000912 _____ () C:\Users\Joshua\Desktop\New Text Document (4).txt
2014-09-15 21:05 - 2014-09-16 20:35 - 00058969 _____ () C:\zoek-results.log
2014-09-15 21:04 - 2014-09-15 21:16 - 00000000 ____D () C:\zoek_backup
2014-09-15 21:04 - 2014-09-15 21:04 - 01290240 _____ () C:\Users\Joshua\Desktop\zoek.exe
2014-09-15 21:03 - 2014-09-15 21:03 - 00186001 _____ () C:\Users\Joshua\Desktop\New Text Document (2).txt
2014-09-15 18:48 - 2014-09-15 18:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joshua\Desktop\tdsskiller.exe
2014-09-14 20:23 - 2014-09-14 20:23 - 00007601 _____ () C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg
2014-09-14 19:37 - 2014-09-14 19:37 - 00000731 _____ () C:\Users\Joshua\Desktop\JRT.txt
2014-09-14 19:28 - 2014-09-14 19:28 - 00001045 _____ () C:\Users\Joshua\Desktop\AdwCleaner[S1].txt
2014-09-14 18:36 - 2014-09-14 18:36 - 00000000 ____D () C:\_OTL
2014-09-14 18:34 - 2014-09-14 18:35 - 00001474 _____ () C:\Users\Joshua\Desktop\OTL (1).exe - Shortcut.lnk
2014-09-14 14:20 - 2014-09-14 14:21 - 00005701 _____ () C:\Users\Joshua\Desktop\New Text Document.txt
2014-09-14 14:07 - 2014-09-14 19:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 14:06 - 2014-09-14 14:06 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 14:06 - 2014-09-14 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 14:06 - 2014-09-14 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 14:06 - 2014-09-14 14:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 14:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 14:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-14 14:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-14 14:04 - 2014-09-14 14:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joshua\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 14:03 - 2014-09-14 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Joshua\Downloads\OTL (1).exe
2014-09-14 14:00 - 2014-09-14 14:00 - 00468480 _____ () C:\Users\Joshua\Downloads\CKScanner (1).exe
2014-09-14 13:59 - 2014-09-14 13:59 - 00165376 _____ () C:\Users\Joshua\Downloads\SystemLook_x64 (2).exe
2014-09-14 13:58 - 2014-09-14 13:58 - 01016261 _____ (Thisisu) C:\Users\Joshua\Downloads\JRT (1).exe
2014-09-14 13:57 - 2014-09-14 13:57 - 01373475 _____ () C:\Users\Joshua\Downloads\adwcleaner_3.310 (1).exe
2014-09-12 23:35 - 2014-09-12 23:35 - 00165376 _____ () C:\Users\Joshua\Downloads\SystemLook_x64 (1).exe
2014-09-12 20:24 - 2014-09-12 20:24 - 00165376 _____ () C:\Users\Joshua\Downloads\SystemLook_x64.exe
2014-09-12 20:24 - 2014-09-12 20:24 - 00001114 _____ () C:\Users\Joshua\Desktop\SystemLook_x64 - Shortcut.lnk
2014-09-12 20:09 - 2014-09-12 20:09 - 00000000 ____D () C:\Windows\ERUNT
2014-09-12 19:59 - 2014-09-12 20:08 - 00001432 _____ () C:\Users\Joshua\Desktop\JRT - Shortcut.lnk
2014-09-12 19:59 - 2014-09-12 19:59 - 01016261 _____ (Thisisu) C:\Users\Joshua\Downloads\JRT.exe
2014-09-12 19:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-12 19:39 - 2014-09-14 19:26 - 00000000 ____D () C:\AdwCleaner
2014-09-12 19:38 - 2014-09-12 19:38 - 00001559 _____ () C:\Users\Joshua\Desktop\adwcleaner_3.310 - Shortcut.lnk
2014-09-12 19:37 - 2014-09-12 19:37 - 01373475 _____ () C:\Users\Joshua\Downloads\adwcleaner_3.310.exe
2014-09-11 19:40 - 2014-09-11 19:42 - 00001492 _____ () C:\Users\Joshua\Desktop\CKScanner.exe - Shortcut.lnk
2014-09-11 18:43 - 2014-09-17 20:46 - 00003296 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-09-11 18:43 - 2014-09-11 18:43 - 00000000 ____D () C:\Program Files (x86)\Techsnab
2014-09-10 21:19 - 2014-09-10 21:19 - 00005600 _____ () C:\Users\Joshua\Desktop\attach.txt
2014-09-10 03:07 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:07 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 03:07 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:07 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:07 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:07 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:07 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:07 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:07 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:07 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:07 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:07 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:07 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:07 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:07 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:07 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:07 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:07 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:07 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 03:07 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:07 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 03:07 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 03:07 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 03:07 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:07 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:07 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:07 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 03:07 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:07 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:07 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 03:07 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 03:07 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:07 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:07 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:07 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:07 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 03:07 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 03:07 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 03:07 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 03:07 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 03:07 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 03:07 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:07 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 03:06 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:06 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:06 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:06 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:06 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:06 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:06 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:06 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 03:06 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:06 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 03:06 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:06 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 03:06 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 23:10 - 2014-09-09 23:10 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 22:00 - 2014-09-09 22:00 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\Lavasoft
2014-09-09 21:47 - 2014-09-17 21:55 - 00002319 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-09-09 21:47 - 2014-09-09 21:47 - 02806920 _____ () C:\Users\Joshua\Downloads\Adaware_Installer (1).exe
2014-09-09 21:47 - 2014-09-09 21:47 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\LavasoftStatistics
2014-09-09 21:47 - 2014-09-09 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-09-09 21:46 - 2014-09-09 21:46 - 00000000 ____D () C:\Program Files\Lavasoft
2014-09-09 21:45 - 2014-09-09 21:45 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-09 21:44 - 2014-09-09 21:44 - 02806920 _____ () C:\Users\Joshua\Downloads\Adaware_Installer.exe
2014-09-09 21:44 - 2014-09-09 21:44 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-09-09 21:35 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 21:35 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 21:34 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 21:34 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 21:34 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 21:34 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 21:34 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 21:33 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 21:33 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 21:33 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 21:33 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 19:45 - 2014-09-08 19:45 - 00003142 _____ () C:\Windows\System32\Tasks\{5650BB43-3DB3-49D3-9CE1-B68665637D9A}
2014-09-08 19:36 - 2014-09-10 20:31 - 00000000 ___HD () C:\Users\Public\Temp
2014-08-28 20:32 - 2014-08-28 20:32 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Adobe
2014-08-27 20:46 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:46 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:46 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 19:30 - 2014-08-20 19:31 - 10569831 _____ () C:\Users\Joshua\Downloads\ProChan-dot-com-4ed_1408496069-____es_.flv.h264_base.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 22:08 - 2014-09-17 22:07 - 00007699 _____ () C:\Users\Joshua\Desktop\FRST.txt
2014-09-17 22:07 - 2014-09-17 22:06 - 00000000 ____D () C:\FRST
2014-09-17 22:05 - 2014-09-17 22:05 - 02105856 _____ (Farbar) C:\Users\Joshua\Desktop\FRST64.exe
2014-09-17 22:03 - 2014-09-17 22:03 - 02105856 _____ (Farbar) C:\Users\Joshua\Downloads\FRST64.exe
2014-09-17 22:02 - 2009-07-14 00:45 - 00033936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 22:02 - 2009-07-14 00:45 - 00033936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 21:58 - 2013-09-27 19:59 - 01903551 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 21:57 - 2014-09-17 21:57 - 00020020 _____ () C:\Users\Joshua\Desktop\09172014_215301.log
2014-09-17 21:55 - 2014-09-17 21:55 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-09-17 21:55 - 2014-09-09 21:47 - 00002319 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-09-17 21:55 - 2013-09-29 09:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 21:55 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 21:55 - 2009-07-14 00:51 - 00054528 _____ () C:\Windows\setupact.log
2014-09-17 21:49 - 2013-09-29 09:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 21:09 - 2013-09-29 09:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 20:46 - 2014-09-11 18:43 - 00003296 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-09-17 20:36 - 2010-11-20 23:47 - 00740922 _____ () C:\Windows\PFRO.log
2014-09-16 20:39 - 2014-09-16 20:39 - 00058969 _____ () C:\Users\Joshua\Desktop\zoek-results.txt
2014-09-16 20:35 - 2014-09-15 21:05 - 00058969 _____ () C:\zoek-results.log
2014-09-16 20:27 - 2014-09-16 20:21 - 00075840 _____ () C:\Users\Joshua\Downloads\OTL.Txt
2014-09-16 20:21 - 2014-09-16 20:21 - 00046330 _____ () C:\Users\Joshua\Downloads\Extras.Txt
2014-09-16 20:12 - 2014-09-16 20:12 - 00012382 _____ () C:\Users\Joshua\Desktop\New Text Document (5).txt
2014-09-16 20:08 - 2014-09-16 19:55 - 00024764 _____ () C:\Users\Joshua\Downloads\SystemLook.txt
2014-09-16 19:39 - 2013-09-29 08:08 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\Opera Software
2014-09-16 19:39 - 2013-09-29 08:08 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Opera Software
2014-09-16 19:39 - 2013-09-29 08:08 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-16 19:39 - 2013-09-27 20:01 - 00001431 _____ () C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-16 19:38 - 2014-09-16 19:30 - 00000912 _____ () C:\Users\Joshua\Desktop\New Text Document (4).txt
2014-09-16 17:21 - 2014-03-07 23:33 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-15 21:20 - 2014-09-16 20:32 - 00006050 _____ () C:\zoek-results2014-09-16-012052.log
2014-09-15 21:16 - 2014-09-15 21:04 - 00000000 ____D () C:\zoek_backup
2014-09-15 21:04 - 2014-09-15 21:04 - 01290240 _____ () C:\Users\Joshua\Desktop\zoek.exe
2014-09-15 21:03 - 2014-09-15 21:03 - 00186001 _____ () C:\Users\Joshua\Desktop\New Text Document (2).txt
2014-09-15 18:48 - 2014-09-15 18:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joshua\Desktop\tdsskiller.exe
2014-09-14 20:23 - 2014-09-14 20:23 - 00007601 _____ () C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg
2014-09-14 19:46 - 2014-09-14 14:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 19:37 - 2014-09-14 19:37 - 00000731 _____ () C:\Users\Joshua\Desktop\JRT.txt
2014-09-14 19:28 - 2014-09-14 19:28 - 00001045 _____ () C:\Users\Joshua\Desktop\AdwCleaner[S1].txt
2014-09-14 19:26 - 2014-09-12 19:39 - 00000000 ____D () C:\AdwCleaner
2014-09-14 18:36 - 2014-09-14 18:36 - 00000000 ____D () C:\_OTL
2014-09-14 18:35 - 2014-09-14 18:34 - 00001474 _____ () C:\Users\Joshua\Desktop\OTL (1).exe - Shortcut.lnk
2014-09-14 14:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PLA
2014-09-14 14:21 - 2014-09-14 14:20 - 00005701 _____ () C:\Users\Joshua\Desktop\New Text Document.txt
2014-09-14 14:06 - 2014-09-14 14:06 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 14:06 - 2014-09-14 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 14:06 - 2014-09-14 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 14:06 - 2014-09-14 14:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 14:04 - 2014-09-14 14:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joshua\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 14:03 - 2014-09-14 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Joshua\Downloads\OTL (1).exe
2014-09-14 14:00 - 2014-09-14 14:00 - 00468480 _____ () C:\Users\Joshua\Downloads\CKScanner (1).exe
2014-09-14 13:59 - 2014-09-14 13:59 - 00165376 _____ () C:\Users\Joshua\Downloads\SystemLook_x64 (2).exe
2014-09-14 13:58 - 2014-09-14 13:58 - 01016261 _____ (Thisisu) C:\Users\Joshua\Downloads\JRT (1).exe
2014-09-14 13:57 - 2014-09-14 13:57 - 01373475 _____ () C:\Users\Joshua\Downloads\adwcleaner_3.310 (1).exe
2014-09-12 23:35 - 2014-09-12 23:35 - 00165376 _____ () C:\Users\Joshua\Downloads\SystemLook_x64 (1).exe
2014-09-12 20:24 - 2014-09-12 20:24 - 00165376 _____ () C:\Users\Joshua\Downloads\SystemLook_x64.exe
2014-09-12 20:24 - 2014-09-12 20:24 - 00001114 _____ () C:\Users\Joshua\Desktop\SystemLook_x64 - Shortcut.lnk
2014-09-12 20:09 - 2014-09-12 20:09 - 00000000 ____D () C:\Windows\ERUNT
2014-09-12 20:08 - 2014-09-12 19:59 - 00001432 _____ () C:\Users\Joshua\Desktop\JRT - Shortcut.lnk
2014-09-12 19:59 - 2014-09-12 19:59 - 01016261 _____ (Thisisu) C:\Users\Joshua\Downloads\JRT.exe
2014-09-12 19:38 - 2014-09-12 19:38 - 00001559 _____ () C:\Users\Joshua\Desktop\adwcleaner_3.310 - Shortcut.lnk
2014-09-12 19:37 - 2014-09-12 19:37 - 01373475 _____ () C:\Users\Joshua\Downloads\adwcleaner_3.310.exe
2014-09-12 17:51 - 2014-06-03 21:52 - 00003474 _____ () C:\Windows\System32\Tasks\GPUpdateCheck
2014-09-11 19:42 - 2014-09-11 19:40 - 00001492 _____ () C:\Users\Joshua\Desktop\CKScanner.exe - Shortcut.lnk
2014-09-11 19:04 - 2013-09-29 14:50 - 00000000 ____D () C:\ProgramData\Norton
2014-09-11 18:43 - 2014-09-11 18:43 - 00000000 ____D () C:\Program Files (x86)\Techsnab
2014-09-10 21:19 - 2014-09-10 21:19 - 00005600 _____ () C:\Users\Joshua\Desktop\attach.txt
2014-09-10 20:31 - 2014-09-08 19:36 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-10 04:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 03:38 - 2009-07-14 01:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 03:33 - 2009-07-13 22:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-10 03:05 - 2014-02-25 04:03 - 00774132 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 03:04 - 2013-09-28 10:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:01 - 2013-09-28 10:58 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 03:00 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 23:10 - 2014-09-09 23:10 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 23:10 - 2013-09-29 09:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 23:10 - 2013-09-29 09:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:00 - 2014-09-09 22:00 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\Lavasoft
2014-09-09 21:47 - 2014-09-09 21:47 - 02806920 _____ () C:\Users\Joshua\Downloads\Adaware_Installer (1).exe
2014-09-09 21:47 - 2014-09-09 21:47 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\LavasoftStatistics
2014-09-09 21:47 - 2014-09-09 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-09-09 21:46 - 2014-09-09 21:46 - 00000000 ____D () C:\Program Files\Lavasoft
2014-09-09 21:45 - 2014-09-09 21:45 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-09 21:44 - 2014-09-09 21:44 - 02806920 _____ () C:\Users\Joshua\Downloads\Adaware_Installer.exe
2014-09-09 21:44 - 2014-09-09 21:44 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-09-08 21:21 - 2013-10-15 23:28 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Deployment
2014-09-08 21:20 - 2014-06-03 22:29 - 00000534 __RSH () C:\ProgramData\ntuser.pol
2014-09-08 19:47 - 2013-09-29 14:07 - 00002273 _____ () C:\Users\Joshua\Desktop\Google Chrome.lnk
2014-09-08 19:45 - 2014-09-08 19:45 - 00003142 _____ () C:\Windows\System32\Tasks\{5650BB43-3DB3-49D3-9CE1-B68665637D9A}
2014-09-04 22:10 - 2014-09-09 21:33 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-09 21:33 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-31 09:35 - 2013-09-29 22:33 - 00000016 _____ () C:\Users\Joshua\Downloads\Autofire_0.4.cfg
2014-08-30 09:15 - 2013-10-01 16:36 - 00000000 ____D () C:\Users\Joshua\AppData\Local\CrashDumps
2014-08-28 20:32 - 2014-08-28 20:32 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Adobe
2014-08-28 18:12 - 2009-07-14 00:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 06:53 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-24 22:41 - 2013-12-11 20:21 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\Spotify
2014-08-23 23:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-23 23:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-23 12:52 - 2013-12-11 20:22 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Spotify
2014-08-22 22:07 - 2014-08-27 20:46 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:46 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 19:31 - 2014-08-20 19:30 - 10569831 _____ () C:\Users\Joshua\Downloads\ProChan-dot-com-4ed_1408496069-____es_.flv.h264_base.mp4
2014-08-20 18:42 - 2013-09-29 09:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-19 14:05 - 2014-09-10 03:07 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 13:39 - 2014-09-10 03:07 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 19:01 - 2014-09-10 03:07 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 18:29 - 2014-09-10 03:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 18:29 - 2014-09-10 03:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 18:26 - 2014-09-10 03:06 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 18:20 - 2014-09-10 03:06 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 18:19 - 2014-09-10 03:06 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 18:15 - 2014-09-10 03:07 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 18:15 - 2014-09-10 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 18:14 - 2014-09-10 03:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 18:14 - 2014-09-10 03:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 18:08 - 2014-09-10 03:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 18:08 - 2014-09-10 03:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 18:08 - 2014-09-10 03:06 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 18:05 - 2014-09-10 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 18:03 - 2014-09-10 03:07 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 18:03 - 2014-09-10 03:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 18:03 - 2014-09-10 03:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 17:57 - 2014-09-10 03:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 17:56 - 2014-09-10 03:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 17:51 - 2014-09-10 03:07 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 17:46 - 2014-09-10 03:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 17:45 - 2014-09-10 03:07 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 17:45 - 2014-09-10 03:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 17:44 - 2014-09-10 03:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 17:44 - 2014-09-10 03:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 17:42 - 2014-09-10 03:06 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 17:40 - 2014-09-10 03:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 17:39 - 2014-09-10 03:07 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 17:39 - 2014-09-10 03:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 17:39 - 2014-09-10 03:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 17:38 - 2014-09-10 03:07 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 17:37 - 2014-09-10 03:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 17:36 - 2014-09-10 03:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 17:35 - 2014-09-10 03:07 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 17:27 - 2014-09-10 03:07 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 17:25 - 2014-09-10 03:07 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 17:25 - 2014-09-10 03:07 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 17:23 - 2014-09-10 03:07 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 17:23 - 2014-09-10 03:06 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 17:22 - 2014-09-10 03:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 17:19 - 2014-09-10 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 17:17 - 2014-09-10 03:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 17:17 - 2014-09-10 03:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 17:16 - 2014-09-10 03:06 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 17:15 - 2014-09-10 03:06 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 17:15 - 2014-09-10 03:06 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 17:09 - 2014-09-10 03:07 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 17:08 - 2014-09-10 03:06 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 17:07 - 2014-09-10 03:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 16:55 - 2014-09-10 03:06 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 16:46 - 2014-09-10 03:06 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 16:38 - 2014-09-10 03:07 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 16:38 - 2014-09-10 03:06 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 16:36 - 2014-09-10 03:07 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=D:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {e52c885a-27ef-11e3-8aee-bf3e911ca83b}
displayorder {ntldr}
{current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {e52c885c-27ef-11e3-8aee-bf3e911ca83b}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {e52c885a-27ef-11e3-8aee-bf3e911ca83b}
nx OptIn

Windows Boot Loader
-------------------
identifier {e52c885c-27ef-11e3-8aee-bf3e911ca83b}
device ramdisk=[C:]\Recovery\e52c885c-27ef-11e3-8aee-bf3e911ca83b\Winre.wim,{e52c885d-27ef-11e3-8aee-bf3e911ca83b}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\e52c885c-27ef-11e3-8aee-bf3e911ca83b\Winre.wim,{e52c885d-27ef-11e3-8aee-bf3e911ca83b}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {e52c885a-27ef-11e3-8aee-bf3e911ca83b}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=D:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device partition=D:
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {e52c885d-27ef-11e3-8aee-bf3e911ca83b}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\e52c885c-27ef-11e3-8aee-bf3e911ca83b\boot.sdi



LastRegBack: 2014-09-16 17:48

==================== End Of Log ============================
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 17th, 2014, 10:19 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Joshua at 2014-09-17 22:08:32
Running from C:\Users\Joshua\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A70B905D-2E57-66A0-3BFE-66B8E71E0C70}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
EQ2MAP Updater 1.2.10 (HKLM-x32\...\EQ2MAP Updater) (Version: 1.2.10 - Johan Nilsson)
EverQuest (HKCU\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)
EverQuest II (HKCU\...\SOE-EverQuest II) (Version: - Sony Online Entertainment)
GamParse (HKCU\...\6f16172c295f43ac) (Version: 1.0.3.2 - Microsoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Legends of Norrath (HKCU\...\SOE-LegendsOfNorrath) (Version: - Sony Online Entertainment)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

08-09-2014 23:33:17 CloudScout Parental Control
08-09-2014 23:33:17 CloudScout Parental Control
08-09-2014 23:42:44 CloudScout Parental Control
10-09-2014 01:33:43 Windows Update
10-09-2014 01:44:52 AA11
10-09-2014 07:00:15 Windows Update
11-09-2014 22:53:24 pgmigg's point.
11-09-2014 23:01:39 AA11
12-09-2014 21:42:16 OTL Restore Point - 9/12/2014 5:42:11 PM
14-09-2014 22:36:57 OTL Restore Point - 9/14/2014 6:36:55 PM
16-09-2014 01:05:30 zoek.exe restore point
16-09-2014 21:23:30 Windows Update
18-09-2014 01:53:13 OTL Restore Point - 9/17/2014 9:53:11 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-07-21 21:29 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0814FEA6-B4C6-4FFD-B35C-049CB598AC72} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-09-12] ()
Task: {15A298ED-48CE-415F-932D-C0C0564AFCF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
Task: {44D26F3E-BF20-4709-87F6-7278EBFD6BE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {6BB87A4F-596D-4490-B02D-C912DD136456} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
Task: {B4954EF4-498F-444B-81F9-6EDCF3CFE269} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe
Task: {B8463F7A-1DA6-445C-AF03-6525E5547DB9} - \TOSRNFR No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-27 12:52 - 2014-08-27 12:52 - 02745168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll
2014-08-27 12:32 - 2014-08-27 12:32 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 11947856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02167640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00943960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01105224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00247624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00988504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01277248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00975192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01109336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00891720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00843088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 03090768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02624848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01238848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00928072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 08886592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_locale-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02101568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\HtmlFramework.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\DllStorage.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00832848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTrayDefaultSkin.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\Localization.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-11-16 16:09 - 2012-11-16 16:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 09:57:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:38:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 07:44:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 05:21:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 09:22:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 06:38:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/17/2014 09:58:00 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{99CE28D5-4235-4B99-8D50-EA7CF33AB921}.
The backup browser is stopping.

Error: (09/17/2014 09:53:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/17/2014 08:39:00 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{99CE28D5-4235-4B99-8D50-EA7CF33AB921}.
The backup browser is stopping.

Error: (09/16/2014 07:57:47 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{99CE28D5-4235-4B99-8D50-EA7CF33AB921}.
The backup browser is stopping.

Error: (09/16/2014 05:21:45 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{99CE28D5-4235-4B99-8D50-EA7CF33AB921}.
The backup browser is stopping.

Error: (09/15/2014 09:23:12 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{99CE28D5-4235-4B99-8D50-EA7CF33AB921}.
The backup browser is stopping.

Error: (09/15/2014 09:16:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/15/2014 09:16:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/15/2014 09:16:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/15/2014 09:16:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (09/17/2014 09:57:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:38:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 07:44:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 05:21:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 09:22:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 06:38:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 42%
Total physical RAM: 3325.61 MB
Available physical RAM: 1919.02 MB
Total Pagefile: 6649.4 MB
Available Pagefile: 4901.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (7 Professional) (Fixed) (Total:345.76 GB) (Free:182.77 GB) NTFS
Drive d: (XP Home) (Fixed) (Total:120 GB) (Free:114.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Vault 2) (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=120 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=345.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: B8EA731B)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm

Re: Fake player update @ Hulu got me, now I'm ridin' dirty.

Unread postby misfit21ca » September 17th, 2014, 10:28 pm

I do not use this computer for work, or any type of business. Just games, entertainment and the occasional personal interest research. I do not use this network for work or any type of business. My spouse pays bills with their laptop over this network. The kids play minecraft on their tablets over this network. That about sums it up.

I do not yet notice any change in the behavior of the computer. I've noticed I apparently no longer know how to use internet explorer at all (lol), and my desktop is filling up with tools and scan files :p

total of 15 popups reading, executing and posting the results of, the instructions given here. Mostly the same sights listed before with the addition of some popups from adultffriendfinder .com, and watchmygf .com. Half of which came after todays OTL fix.

As always, thank you bunches for your help and efforts!
misfit21ca
Regular Member
 
Posts: 36
Joined: September 10th, 2014, 8:52 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 298 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware