Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirecting to iLivid and other websites

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Redirecting to iLivid and other websites

Unread postby goalie79 » March 22nd, 2015, 11:20 am

Thank you for your assistance!
I've attempted all I know to do, and research through PCPitstop led me to your forum. Thanks for being here.

Here is a brief description of the issue:

On this desktop computer I have installed Malwarebytes Anti-Malware, Avast Free Antivirus, CCleaner, and Microsoft Security Defender. We keep up with the updates and run the utilities on a regular basis in an attempt to keep the unit clean.

Also on this machine there are Internet Explorer, Firefox and Chrome browsers. Primary use is through the Chrome browser. The Chrome browser has an Java for WebPages, Ebates, Avast and Ghostery add-in installed.

This machine is on a home network with another desktop computer, and shares WiFi with cell phones, iPad and a laptop. None of the other machines are exhibiting this symptom.

Over the last few days, visits to a known legimate real estate website have begun to generate browser redirects to several unrequested site.

one is: lp.lividnewtab.com/?lpid=4067@appid=257&subid=wSKLH8RABJLFTVTI0U0EPFJ4

Another is: onlineschlampen.com/discovery/?voluumdata=vid..00000000-7a2e-42e4-8000-000000000000__vpid..12514800-cf44....

The utilities to eradicate the issue were run, then a short time later the redirects occur again. I even received a redirect when attempting to update the description of this post.

Thanks for your assistance with this challenge!
--------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 11.40.2
Run by Dawn at 11:10:52 on 2015-03-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4029.2108 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.loudoun.k12.va.us/mses
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DataMigrationSoftwareMonitor.exe] "C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACROBA~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/nirvana/controls/pcmatic.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D74DAE36-9A2F-49AB-8F5D-4C7AC6128AFE} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [Intel Scheduler2 Service] "C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779\
FF - prefs.js: browser.startup.homepage - hxxp://www.loudoun.k12.va.us/mses
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-2-22 65736]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-2-22 268640]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2015-2-21 155272]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2015-2-22 1047320]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-2-22 441728]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-2-22 29168]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-2-22 88408]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-2-22 136752]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-3-18 343336]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 IntSch2Svc;Intel Scheduler2 Service;C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe [2013-3-11 1127944]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 124560]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-3-18 273824]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-3-18 4030800]
R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-11-12 95344]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-11-12 21872]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-15 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-15 102808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-4-6 48488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-10 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-4-12 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-12 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-16 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-03-22 04:51:14 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{167B160B-734B-42FD-80C1-2EBEA89F57B1}\offreg.dll
2015-03-22 04:47:50 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{167B160B-734B-42FD-80C1-2EBEA89F57B1}\mpengine.dll
2015-03-21 18:12:05 11910896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-20 17:12:49 315904 ----a-w- C:\Windows\SysWow64\Difx2fa8.rra
2015-03-18 10:47:50 43112 ----a-w- C:\Windows\avastSS.scr
2015-03-15 19:24:45 -------- d-----w- C:\Users\Dawn\AppData\Local\Logitech
2015-03-15 19:17:49 -------- d-----w- C:\Program Files\Logitech Gaming Software
2015-03-15 19:15:24 -------- d-----w- C:\Users\Dawn\AppData\Roaming\Logishrd
2015-03-14 21:03:13 -------- d-----w- C:\AdwCleaner
2015-03-10 20:49:59 82432 ----a-w- C:\Windows\System32\cryptsp.dll
2015-03-10 20:48:07 215552 ----a-w- C:\Windows\System32\ubpm.dll
2015-03-10 20:48:06 171520 ----a-w- C:\Windows\SysWow64\ubpm.dll
2015-03-10 20:46:45 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-03-10 20:46:41 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-03-07 18:16:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-06 19:52:59 1079920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2015-03-06 19:52:59 10397296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2015-03-06 19:52:58 376944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2015-03-06 19:52:58 3466856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_47.dll
2015-03-06 19:52:58 330864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2015-03-06 19:52:58 169584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-03-06 19:52:57 282224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2015-03-06 19:52:57 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2015-03-06 19:52:45 50288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2015-03-06 19:52:45 20592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2015-03-06 19:52:45 109680 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2015-03-03 22:40:35 -------- d-----w- C:\ProgramData\Oracle
2015-02-22 09:27:30 -------- d-----w- C:\Windows\SysWow64\vbox
2015-02-22 09:27:30 -------- d-----w- C:\Windows\System32\vbox
2015-02-22 09:15:53 -------- d-----w- C:\Users\Dawn\AppData\Roaming\AVAST Software
2015-02-22 09:13:46 136752 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-02-22 09:13:45 65736 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-02-22 09:13:45 268640 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-02-22 09:13:44 88408 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-02-22 09:13:43 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-02-22 09:13:43 29168 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-02-22 09:13:40 1047320 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-02-22 09:10:05 -------- d-----w- C:\Program Files\AVAST Software
2015-02-22 09:08:49 -------- d-----w- C:\ProgramData\AVAST Software
2015-02-22 09:01:24 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-22 09:00:52 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-02-22 09:00:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-02-22 09:00:52 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-02-22 09:00:52 -------- d-----w- C:\ProgramData\Malwarebytes
2015-02-22 09:00:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-22 08:52:00 -------- d-----w- C:\Program Files\CCleaner
2015-02-22 07:36:53 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2015-02-22 07:36:52 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-02-21 20:36:22 -------- d-sh--r- C:\acroldr
2015-02-21 17:15:35 -------- d-----w- C:\Program Files (x86)\SyncToy 2.1
2015-02-21 16:35:44 -------- d-----w- C:\Users\Dawn\AppData\Roaming\Intel
2015-02-21 16:33:57 340104 ----a-w- C:\Windows\System32\drivers\snapman.sys
2015-02-21 16:33:55 155272 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2015-02-21 16:33:40 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2015-02-21 14:43:49 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2015-02-21 14:43:04 -------- d--h--w- C:\Users\Dawn\InstallAnywhere
2015-02-21 13:17:05 -------- d-----w- C:\Program Files (x86)\iTunes
2015-02-21 13:17:04 -------- d-----w- C:\Program Files\iPod
2015-02-21 13:17:03 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-21 13:17:03 -------- d-----w- C:\Program Files\iTunes
2015-02-21 13:08:21 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-02-21 13:08:21 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-02-21 13:08:21 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-02-21 13:08:21 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-02-21 13:08:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-21 13:08:14 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-21 13:08:14 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-02-21 13:08:13 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-21 13:08:13 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-21 13:08:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-21 13:08:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-21 13:08:13 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-02-21 13:07:37 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-02-21 13:07:37 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-02-21 13:07:19 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-02-21 13:07:19 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-02-21 12:56:37 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0844B998-F80F-4A13-B55B-92E30BB3F1DC}\gapaengine.dll
.
==================== Find3M ====================
.
2015-03-14 21:18:38 778928 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-03-14 21:18:38 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-26 03:25:44 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-02-20 03:06:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34 6035456 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-02-20 01:24:21 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-17 19:26:28 1217184 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-01-31 03:48:54 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-01-31 03:48:54 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-30 23:56:52 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-01-30 23:56:51 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-17 02:48:38 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-01-17 02:30:42 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
.
============= FINISH: 11:12:14.54 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/5/2014 8:11:34 AM
System Uptime: 3/20/2015 1:59:26 PM (46 hours ago)
.
Motherboard: ECS | | CHICAGO2
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 72.538 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 133.891 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 3/7/2015 12:00:01 AM - Scheduled Checkpoint
RP107: 3/13/2015 2:32:40 PM - Windows Update
RP108: 3/14/2015 3:45:30 PM - Removed Canon Cover Sheet Editor
RP109: 3/15/2015 3:16:23 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
RP110: 3/15/2015 3:26:38 PM - Windows Update
RP111: 3/18/2015 6:45:09 AM - avast! antivirus system restore point
RP112: 3/18/2015 5:27:05 PM - Windows Update
RP113: 3/20/2015 1:08:09 PM - Removed Windows 7 USB/DVD Download Tool
RP114: 3/20/2015 1:09:51 PM - Removed InstallShield Restore Point
RP115: 3/20/2015 1:12:25 PM - Removed JMicron JMB36X Driver
RP116: 3/22/2015 12:47:08 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 6.0 Professional
Adobe Flash Player 17 ActiveX
Adobe Reader XI (11.0.10)
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Avast Free Antivirus
Bonjour
Brother MFL-Pro Suite MFC-9325CW
CCleaner
Definition Update for Microsoft Office 2010 (KB2956207) 32-Bit Edition
Fitbit Connect
Google Chrome
Google Update Helper
iCloud
Intel® Data Migration Software
Intel® SSD Toolbox
iTunes
Java 8 Update 40
Java Auto Updater
Logitech Gaming Software
Logitech Gaming Software 8.58
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5.2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
MozBackup 1.5.1
Mozilla Firefox 36.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 31.5.0 (x86 en-US)
QuickTime 7
Security Update for Microsoft Excel 2010 (KB2956142) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2883100) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2889839) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2956139) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SyncToy 2.1 (x86)
Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956203) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878283) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Windows Live ID Sign-in Assistant
Windows Live Remote Service
.
==== Event Viewer Messages From Past Week ========
.
3/22/2015 12:51:33 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.
3/19/2015 9:56:50 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureCommand with the following error: Access is denied.
3/19/2015 9:50:15 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
3/19/2015 9:40:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070005 Error description: Access is denied. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
3/19/2015 9:35:14 PM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am
Advertisement
Register to Remove

Re: Redirecting to iLivid and other websites

Unread postby pgmigg » March 22nd, 2015, 12:58 pm

Hello goalie79,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid and other websites

Unread postby pgmigg » March 22nd, 2015, 1:43 pm

Hello goalie79,

WARNING!
Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    Microsoft Security Essentials
    avast! Antivirus
  2. Running - more than one - antivirus program is not recommended because:
    1. They can conflict with each other.
    2. Report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
    4. Can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall one of them. Which one is your decision, but if you asked me, I would recommend you to uninstall Microsoft Security Essentials.

Then please do the following:

Step 1.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 2.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Sn].txt log file
  3. Contents of the JRT.txt log file
  4. Contents of a OTL.txt log file
  5. Contents of a Extras.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid and other websites

Unread postby goalie79 » March 22nd, 2015, 3:33 pm

1 - I had no challenges executing any of the steps :)
2 - Microsoft Security Essentials has been uninstalled. The only AV program now in place is Avast Free Antivirus 2015, with virus definitions current version 150322-0, latest update received 3/22/15, 1:48:03 pm.
3 - Avast AV was disabled for all of the following steps
4 - AdwCleaner verison 4.112 executed, logs follow. Note; this program was found and executed in the days prior to requesting assistance from the forum, and I have those logs as well if there is interest.
------------
# AdwCleaner v4.112 - Logfile created 22/03/2015 at 14:05:39
# Updated 09/03/2015 by Xplode
# Database : 2015-03-22.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Dawn - DAWNDESKTOP
# Running from : C:\Users\Dawn\Desktop\032215_malware_Issue\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v41.0.2272.101

[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... 000YYUS&q={searchTerms}
[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... 000YYUS&q={searchTerms}
[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1985 bytes] - [14/03/2015 17:03:21]
AdwCleaner[R1].txt - [919 bytes] - [15/03/2015 14:30:36]
AdwCleaner[R2].txt - [2293 bytes] - [22/03/2015 14:03:00]
AdwCleaner[S0].txt - [2067 bytes] - [14/03/2015 17:10:27]
AdwCleaner[S1].txt - [2234 bytes] - [22/03/2015 14:05:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2293 bytes] ##########
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites - JRT Reply

Unread postby goalie79 » March 22nd, 2015, 3:36 pm

Junkware Removal Tool V 6.4.5 executed. A redirected popup occurred when first attempting to download JRT. Closing and reopening the redirected browser tabs allowed the program to eventually be obtained.
-----
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x64
Ran by Dawn on Sun 03/22/2015 at 14:14:16.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Dawn\AppData\Roaming\mozilla\firefox\profiles\4nkuiskk.default-1426366701779\prefs.js

user_pref("services.sync.passwords.syncID", "EtKD_V9-3iOL");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/22/2015 at 14:21:06.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites - OTL Reply

Unread postby goalie79 » March 22nd, 2015, 3:38 pm

OTL Version 3.2.69.0 executed. OTL log file follows.
---------
OTL logfile created on: 3/22/2015 3:13:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 69.68% Memory free
7.87 Gb Paging File | 6.42 Gb Available in Paging File | 81.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 73.25 Gb Free Space | 49.18% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 133.89 Gb Free Space | 57.49% Space Free | Partition Type: NTFS

Computer Name: DAWNDESKTOP | User Name: Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/03/22 12:11:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
PRC - [2015/03/18 18:48:47 | 005,511,352 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/03/18 06:47:45 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/03 02:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/05/19 16:05:10 | 003,414,560 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
PRC - [2014/05/19 16:05:10 | 001,436,192 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
PRC - [2013/03/11 16:44:38 | 000,404,384 | ---- | M] (Intel) -- C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe
PRC - [2013/03/11 16:43:58 | 003,209,184 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2015/03/18 06:47:54 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/03/18 06:47:52 | 001,359,872 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libGLESv2.dll
MOD - [2015/03/18 06:47:52 | 000,212,992 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libEGL.dll
MOD - [2015/03/18 06:47:50 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/03/18 06:47:45 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2013/03/11 15:52:14 | 001,526,080 | ---- | M] () -- C:\Program Files (x86)\Common Files\Intel\Home\icudt38.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/03/18 06:47:45 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/03/18 06:47:10 | 004,030,800 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2015/02/19 22:35:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/03/21 21:24:38 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/03/14 17:18:38 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 02:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/19 16:05:10 | 001,436,192 | R--- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2014/04/12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/03/11 16:46:52 | 001,127,944 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe -- (IntSch2Svc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/03/18 06:48:02 | 000,441,728 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/03/18 06:48:02 | 000,268,640 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/03/18 06:48:02 | 000,136,752 | ---- | M] (Avast Software s.r.o.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/03/18 06:48:02 | 000,088,408 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/03/18 06:48:02 | 000,065,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/03/18 06:48:01 | 000,093,528 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/03/18 06:48:01 | 000,029,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/03/18 06:47:28 | 001,047,320 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2015/03/18 06:47:10 | 000,273,824 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2015/02/21 12:33:57 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2015/02/21 12:33:55 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2014/08/16 00:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/04/15 15:51:58 | 000,102,808 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2013/04/15 15:51:52 | 000,410,008 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2012/11/12 08:55:50 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012/11/12 08:55:50 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/11/23 21:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 21:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.loudoun.k12.va.us/mses
IE - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 3E DC E4 98 5E D0 01 [binary data]
IE - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\..\SearchScopes\{0E11A243-082B-4A31-8BC3-CEDD8C6231E0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.highlightCount: 2
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://www.loudoun.k12.va.us/mses"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.2.0.187
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/03/18 06:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2014/04/05 08:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Extensions
[2015/03/20 13:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779\extensions
[2015/03/15 15:31:03 | 001,444,177 | ---- | M] () (No name found) -- C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\4nkuiskk.default-1426366701779\extensions\firefox@ghostery.com.xpi
[2015/03/21 21:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/03/21 21:24:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/03/18 06:48:05 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi\3.0.4.2_0\
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpomcmpdonjdffeabllcklpbnfdknnko\1.2.1_0\
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_1\
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.3_0\
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-961907201-2733856658-2972413326-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Intel Scheduler2 Service] C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe (Intel)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DataMigrationSoftwareMonitor.exe] C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe (Intel)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKU\.DEFAULT..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" File not found
O4 - HKU\S-1-5-18..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-961907201-2733856658-2972413326-1001..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-961907201-2733856658-2972413326-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-961907201-2733856658-2972413326-1001..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKU\S-1-5-21-961907201-2733856658-2972413326-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/nirvana/controls/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D74DAE36-9A2F-49AB-8F5D-4C7AC6128AFE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/03/22 12:10:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
[2015/03/22 11:11:25 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Desktop\032215_malware_Issue
[2015/03/21 21:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/03/20 13:12:49 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Difx2fa8.rra
[2015/03/18 06:48:06 | 000,364,472 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\aswBoot.exe
[2015/03/18 06:47:50 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015/03/15 15:43:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/03/15 15:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2015/03/15 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Local\Logitech
[2015/03/15 15:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2015/03/15 15:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2015/03/15 15:15:24 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Logitech
[2015/03/15 15:15:24 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Logishrd
[2015/03/14 17:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2015/03/14 17:03:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/03/14 16:58:29 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Desktop\Old Firefox Data
[2015/03/10 16:50:57 | 000,372,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015/03/10 16:50:57 | 000,299,008 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015/03/10 16:50:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015/03/10 16:50:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2015/03/10 16:50:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015/03/10 16:50:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2015/03/10 16:50:56 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2015/03/10 16:50:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2015/03/10 16:50:27 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2015/03/10 16:50:26 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2015/03/10 16:50:26 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2015/03/10 16:50:22 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2015/03/10 16:50:20 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2015/03/10 16:50:18 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2015/03/10 16:50:18 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2015/03/10 16:50:18 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2015/03/10 16:50:17 | 005,554,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/03/10 16:50:15 | 011,411,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2015/03/10 16:50:12 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2015/03/10 16:50:11 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2015/03/10 16:50:10 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2015/03/10 16:50:08 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2015/03/10 16:50:07 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2015/03/10 16:50:06 | 003,973,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/03/10 16:50:05 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/03/10 16:50:04 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2015/03/10 16:50:03 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2015/03/10 16:50:02 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2015/03/10 16:50:02 | 000,616,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2015/03/10 16:50:02 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2015/03/10 16:50:01 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2015/03/10 16:50:00 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2015/03/10 16:50:00 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2015/03/10 16:49:59 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2015/03/10 16:49:59 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2015/03/10 16:49:58 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2015/03/10 16:49:56 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2015/03/10 16:49:55 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2015/03/10 16:49:55 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2015/03/10 16:49:55 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2015/03/10 16:49:54 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/03/10 16:49:54 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2015/03/10 16:49:54 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2015/03/10 16:49:54 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2015/03/10 16:49:53 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2015/03/10 16:49:53 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2015/03/10 16:49:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/03/10 16:49:53 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2015/03/10 16:49:52 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2015/03/10 16:49:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2015/03/10 16:49:52 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2015/03/10 16:49:50 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2015/03/10 16:49:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2015/03/10 16:49:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2015/03/10 16:49:49 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2015/03/10 16:49:48 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2015/03/10 16:49:48 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2015/03/10 16:49:48 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2015/03/10 16:49:48 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015/03/10 16:49:47 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2015/03/10 16:49:47 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2015/03/10 16:49:47 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2015/03/10 16:49:47 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2015/03/10 16:49:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2015/03/10 16:49:47 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/03/10 16:49:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015/03/10 16:49:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2015/03/10 16:49:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2015/03/10 16:49:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcawrk.exe
[2015/03/10 16:49:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2015/03/10 16:49:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2015/03/10 16:49:46 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2015/03/10 16:49:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2015/03/10 16:49:43 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2015/03/10 16:49:43 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2015/03/10 16:49:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2015/03/10 16:49:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015/03/10 16:49:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015/03/10 16:49:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2015/03/10 16:49:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2015/03/10 16:49:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2015/03/10 16:49:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2015/03/10 16:49:42 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2015/03/10 16:49:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2015/03/10 16:49:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2015/03/10 16:49:11 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015/03/10 16:49:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015/03/10 16:49:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2015/03/10 16:48:07 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2015/03/10 16:48:06 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2015/03/10 16:47:56 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/03/10 16:47:53 | 001,067,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015/03/10 16:47:46 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/03/10 16:47:45 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/03/10 16:47:45 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/03/10 16:47:44 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/03/10 16:47:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/03/10 16:47:44 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/03/10 16:47:44 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/03/10 16:47:43 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/03/10 16:47:43 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/03/10 16:47:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/03/10 16:47:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/03/10 16:47:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/03/10 16:47:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/03/10 16:47:30 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/03/10 16:47:30 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/03/10 16:47:30 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/03/10 16:47:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/03/10 16:47:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/03/10 16:47:25 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/03/10 16:47:24 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/03/10 16:47:24 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/03/10 16:47:24 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/03/10 16:47:24 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/03/10 16:47:21 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/03/10 16:47:21 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/03/10 16:47:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/03/10 16:47:20 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/03/10 16:47:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/03/10 16:47:19 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/03/10 16:47:18 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/03/10 16:47:18 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/03/10 16:47:18 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/03/10 16:47:18 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/03/10 16:47:17 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/03/10 16:47:17 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/03/10 16:47:16 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/03/10 16:47:15 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/03/10 16:47:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/03/10 16:47:11 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/03/10 16:47:08 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/03/10 16:47:08 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/03/10 16:47:07 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/03/10 16:47:07 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/03/10 16:47:07 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/03/10 16:47:06 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/03/10 16:47:06 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/03/10 16:47:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/03/10 16:47:03 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/03/10 16:46:45 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2015/03/10 16:46:41 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2015/03/07 14:29:47 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Oracle
[2015/03/07 14:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/03/07 14:16:57 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/03/07 14:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/03/07 14:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2015/03/03 18:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2015/03/03 18:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2015/02/25 17:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2015/02/22 13:58:21 | 000,000,000 | ---D | C] -- C:\Users\Dawn\Documents\My eBooks
[2015/02/22 05:27:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2015/02/22 05:27:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2015/02/22 05:15:53 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\AVAST Software
[2015/02/22 05:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/02/22 05:13:46 | 000,136,752 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/02/22 05:13:45 | 000,441,728 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/02/22 05:13:44 | 000,088,408 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/02/22 05:13:43 | 000,093,528 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/02/22 05:13:40 | 001,047,320 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2015/02/22 05:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/02/22 05:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/02/22 05:01:24 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/22 05:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/22 05:00:52 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/22 05:00:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/22 05:00:52 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/02/22 05:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/02/22 05:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/02/22 04:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/02/22 04:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/02/22 03:36:53 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015/02/21 16:36:22 | 000,000,000 | RHSD | C] -- C:\acroldr
[2015/02/21 13:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SyncToy 2.1
[2015/02/21 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Dawn\AppData\Roaming\Intel
[2015/02/21 12:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2015/02/21 12:33:57 | 000,340,104 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2015/02/21 12:33:55 | 000,155,272 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2015/02/21 12:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2015/02/21 12:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2015/02/21 12:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2015/02/21 11:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2015/02/21 10:43:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2015/02/21 10:43:04 | 000,000,000 | -H-D | C] -- C:\Users\Dawn\InstallAnywhere
[2015/02/21 09:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/02/21 09:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2015/02/21 09:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/02/21 09:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/02/21 09:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2015/02/21 09:08:21 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
[2015/02/21 09:08:21 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
[2015/02/21 09:08:14 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/02/21 09:08:14 | 000,894,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/02/21 09:08:14 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/02/21 09:08:13 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2015/02/21 09:08:13 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/02/21 09:08:13 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/02/21 09:08:13 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/02/21 09:08:13 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015/02/21 09:07:37 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2015/02/21 09:07:19 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/21 09:07:19 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll

========== Files - Modified Within 30 Days ==========

[2015/03/22 14:55:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/03/22 14:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/03/22 14:14:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/03/22 14:14:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/03/22 14:07:28 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/03/22 14:06:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/03/22 14:06:37 | 3168,706,560 | -HS- | M] () -- C:\hiberfil.sys
[2015/03/22 13:57:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015/03/22 12:11:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dawn\Desktop\OTL.exe
[2015/03/20 16:57:34 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/03/20 15:51:07 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/03/19 21:47:14 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/03/19 21:47:14 | 000,662,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/03/19 21:47:14 | 000,121,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/03/19 21:37:02 | 000,411,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/03/18 06:48:02 | 000,441,728 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/03/18 06:48:02 | 000,268,640 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/03/18 06:48:02 | 000,136,752 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/03/18 06:48:02 | 000,088,408 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/03/18 06:48:02 | 000,065,736 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/03/18 06:48:01 | 000,364,472 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\aswBoot.exe
[2015/03/18 06:48:01 | 000,093,528 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/03/18 06:48:01 | 000,029,168 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/03/18 06:47:50 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015/03/18 06:47:28 | 001,047,320 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2015/03/14 17:18:38 | 000,778,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/03/14 17:18:38 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/03/09 19:37:20 | 000,069,477 | ---- | M] () -- C:\Users\Dawn\Desktop\2015 caremark RX card.pdf
[2015/03/07 14:16:21 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/03/07 14:14:22 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2015/03/06 01:42:35 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/03/06 01:42:35 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/03/06 01:42:33 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/03/06 01:42:29 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/03/06 01:42:27 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/03/06 01:41:31 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/03/06 01:39:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/03/06 01:38:57 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/03/06 01:36:56 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/03/06 01:09:31 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/03/06 01:07:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/03/06 01:07:43 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/03/06 01:06:20 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/02/28 15:58:58 | 000,018,902 | ---- | M] () -- C:\Users\Dawn\Documents\state farm letter.pdf
[2015/02/28 11:34:01 | 000,128,813 | ---- | M] () -- C:\Users\Dawn\Documents\windows not genuine.pdf
[2015/02/26 01:33:19 | 000,002,110 | ---- | M] () -- C:\Users\Dawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2015/02/25 17:35:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/02/23 11:44:48 | 000,375,674 | ---- | M] () -- C:\Users\Dawn\Documents\jeff back ssn.pdf
[2015/02/23 11:43:36 | 000,276,455 | ---- | M] () -- C:\Users\Dawn\Documents\jeff ssn.pdf
[2015/02/23 11:42:50 | 000,280,250 | ---- | M] () -- C:\Users\Dawn\Documents\jeff passport.pdf
[2015/02/23 00:37:14 | 000,000,754 | ---- | M] () -- C:\Users\Dawn\Desktop\2015.lnk
[2015/02/22 05:15:17 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/02/22 05:01:04 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/22 04:52:14 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/02/21 13:15:36 | 000,002,597 | ---- | M] () -- C:\Users\Dawn\Desktop\SyncToy 2.1.lnk
[2015/02/21 12:33:57 | 000,340,104 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2015/02/21 12:33:55 | 000,155,272 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2015/02/21 12:33:53 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\Intel® Data Migration Software.lnk
[2015/02/21 11:00:48 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\Intel SSD Toolbox.lnk
[2015/02/21 09:17:56 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/02/20 19:58:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/20 19:32:48 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

========== Files Created - No Company Name ==========

[2015/03/09 19:37:19 | 000,069,477 | ---- | C] () -- C:\Users\Dawn\Desktop\2015 caremark RX card.pdf
[2015/02/28 15:58:58 | 000,018,902 | ---- | C] () -- C:\Users\Dawn\Documents\state farm letter.pdf
[2015/02/28 11:34:00 | 000,128,813 | ---- | C] () -- C:\Users\Dawn\Documents\windows not genuine.pdf
[2015/02/25 17:35:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2015/02/23 11:44:48 | 000,375,674 | ---- | C] () -- C:\Users\Dawn\Documents\jeff back ssn.pdf
[2015/02/23 11:43:36 | 000,276,455 | ---- | C] () -- C:\Users\Dawn\Documents\jeff ssn.pdf
[2015/02/23 11:40:22 | 000,280,250 | ---- | C] () -- C:\Users\Dawn\Documents\jeff passport.pdf
[2015/02/23 00:36:55 | 000,000,754 | ---- | C] () -- C:\Users\Dawn\Desktop\2015.lnk
[2015/02/22 05:15:17 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/02/22 05:13:45 | 000,268,640 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/02/22 05:13:45 | 000,065,736 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/02/22 05:13:43 | 000,029,168 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/02/22 05:01:04 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/22 04:52:14 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/02/21 13:15:36 | 000,002,597 | ---- | C] () -- C:\Users\Dawn\Desktop\SyncToy 2.1.lnk
[2015/02/21 12:33:53 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\Intel® Data Migration Software.lnk
[2015/02/21 10:44:18 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Intel SSD Toolbox.lnk
[2015/02/21 09:17:56 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/05/21 19:55:31 | 000,773,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/11 07:40:26 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2014/04/11 07:40:21 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2014/04/05 22:13:25 | 000,000,257 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2014/04/05 22:13:25 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2014/04/05 20:07:24 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2014/04/05 20:07:23 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2014/04/05 20:07:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2014/04/05 18:18:24 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2014/04/05 08:49:54 | 000,007,607 | ---- | C] () -- C:\Users\Dawn\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 01:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 01:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/02/22 05:15:53 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\AVAST Software
[2015/02/21 09:44:39 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Garmin
[2014/04/11 08:25:37 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\NewSoft
[2015/03/07 14:29:47 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Oracle
[2015/02/22 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\rmi
[2014/04/05 09:14:30 | 000,000,000 | ---D | M] -- C:\Users\Dawn\AppData\Roaming\Thunderbird
[2014/06/12 04:46:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Garmin
[2014/06/12 04:46:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Garmin

========== Purity Check ==========

< End of report >
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites - OTL_Extras Re

Unread postby goalie79 » March 22nd, 2015, 3:39 pm

OTL Extras logfile created on: 3/22/2015 3:13:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dawn\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 69.68% Memory free
7.87 Gb Paging File | 6.42 Gb Available in Paging File | 81.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 73.25 Gb Free Space | 49.18% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 133.89 Gb Free Space | 57.49% Space Free | Partition Type: NTFS

Computer Name: DAWNDESKTOP | User Name: Dawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00320B96-0519-4C6E-A22B-D2D92BD123CB}" = lport=137 | protocol=17 | dir=in | app=system |
"{04B9A4F1-1221-4831-B5FD-004B51ECB257}" = rport=139 | protocol=6 | dir=out | app=system |
"{11C1E916-FC0B-4EBB-8B78-27C3261CA528}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D021AB1-1D45-4DFD-9095-CA199EC1ED65}" = rport=138 | protocol=17 | dir=out | app=system |
"{2799FB87-64F0-45CA-874B-709E59273345}" = lport=54045 | protocol=17 | dir=in | app=c:\program files\logitech gaming software\lcore.exe |
"{3CBA7F55-1539-4906-ABB8-6D8137A1D437}" = rport=10243 | protocol=6 | dir=out | app=system |
"{42EC2F1D-3D30-46ED-9D53-FDF5A5FF07F6}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{48D6AD1D-4958-46B2-8910-621102DE1784}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54DFF752-2349-48EF-AFEB-879168C55CB1}" = lport=139 | protocol=6 | dir=in | app=system |
"{6BD8542E-440E-43E0-8CC6-0D947EEA6727}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AB42872-036E-45C3-8B46-278FDB8F04A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80D64BCC-668B-4ED9-8E62-499248D9D4C7}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{8F659F5A-9CCA-4ADE-8363-FBC9F354F01A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{919B110E-BE50-4574-B873-5E334B7AE026}" = lport=3389 | protocol=6 | dir=in | app=system |
"{92AF054D-8507-4E7B-9E39-873B54019EFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B42CE8D-34D5-4493-B242-B356276F724E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F2CFCCF-063B-4699-8436-2B2EBEDD89A0}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD366864-E193-4299-93A8-8046C8E86223}" = rport=137 | protocol=17 | dir=out | app=system |
"{BD837005-4697-4AE6-973A-41DEAA3258F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BED99A4B-6109-4E9C-AC39-E0CF20662C45}" = lport=445 | protocol=6 | dir=in | app=system |
"{C450D6A8-00D7-4BDC-B7CB-D4973ECAD663}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{CADC077B-4E68-4324-AFBA-F20065E7733C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF90A00D-8762-4CA5-87B4-D97417628CF8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1B4F2B4-B846-4B78-8121-C196E471CAAD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D8590A32-0EDA-4B6F-97AF-6EC9C4018132}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DE07133A-6DB1-46E0-B382-28B8F3CC3D92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4B412B3-4E7D-4AD1-A27C-75940E441A4F}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{E59DB706-DF4C-43D0-8A31-88BAC92E4DC8}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBF04FB2-568A-4918-9F2B-239E82358DB7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01697D92-E27E-4B8D-9CC2-5F4362D3A425}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{131011E8-9506-49C6-993B-9C866AF3AADB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{18093388-2360-4277-879C-0E380348B52F}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe |
"{1DA8E6DD-0B77-4D97-8379-0723CDED8297}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2183B9EC-51F0-4ABE-BAF1-37E31CA2D318}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{23889834-5521-4E15-85F7-15872AA7769F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{280A83CD-A118-4B12-8872-72A319618EBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2AC80790-B57B-4A9B-B6C8-50DC581ECF05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D9E32C9-FBBD-4F54-87FE-89535ED5DA9E}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{3A7D16FB-B2D8-444F-84A6-B19138B9E453}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C0D5D44-1D2B-481B-88C0-C712F719F918}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{416EAF27-0717-491A-8BD2-F085525AC823}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{524E5B48-A681-4CFA-9195-544EF2731E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{52E4883A-8BD8-407F-BD8D-B8C30FADAC20}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{55D1E07A-8DDC-47C1-B244-1601CE5F0523}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{5DD11886-1393-4BF2-A37B-8CE94EE5D7C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60DCAEFF-D8E6-44E9-93E8-3C29EFF961A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D9AAD19-B5DE-4388-99F7-341A48F1D81B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6DDB68C3-AF0A-4C9B-865E-DA5F2000F9C6}" = protocol=6 | dir=in | app=c:\program files\logitech gaming software\lcore.exe |
"{78CC84AA-8018-45AF-90DC-311407F4E679}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{809548FF-DF8D-4250-BABF-A14AD5A3E935}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{89ADA23F-4AA5-401C-92B7-6BA67FAC8FE3}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{935D73E0-6C06-4169-A326-58868B3781E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95779EBC-1F29-4BA1-ACE6-5C427CD98725}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A1112076-4E3B-4939-839F-69C858186DB2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A4A17B9A-55DD-45EE-9FB2-20E9F7EAC15E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B5787283-33E9-4135-8008-EF8844FC349F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BF212AF8-4CCE-47EF-9581-F8A1F64AA6FF}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe |
"{C9262826-E7FE-4248-97E1-B4378F8F4A65}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CC6CAF2F-665A-42F7-91A6-6F1BA798E608}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D64CB4F5-3BEE-4315-BA71-2C726F6C5AFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB3F0813-10E2-4389-AF06-833000291FB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC56D7A8-408B-4992-A4E8-B9C6748A6F0F}" = protocol=6 | dir=out | app=system |
"{E54E4AD1-0492-4E96-85BC-9D2859212A75}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA55498D-04A7-4422-BFED-B6C2ACDC93A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DF7096B-715A-4233-8633-C7A16ED6D616}" = Apple Application Support (64-bit)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{309768A4-A2BB-4930-A5A2-8169678C9B4C}" = iCloud
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C4123106-B685-48E6-B9BD-E4F911841EB4}" = Apple Mobile Device Support
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D227565A-0033-40AD-89BA-653A205CDC11}" = iTunes
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logitech Gaming Software 8.58
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06D085C8-1F00-11B2-96A7-8f0CE39193ED}" = Intel® SSD Toolbox
"{06F7C876-844A-49C0-A595-9844B2B8CDE9}" = Intel® Data Migration Software
"{06F7C876-844A-49C0-A595-9844B2B8CDE9}Visible" = Intel® Data Migration Software
"{26A24AE4-039D-4CA4-87B4-2F83218040F0}" = Java 8 Update 40
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{447CDCE5-F555-429B-BFA6-642C3C6D684F}" = Apple Application Support (32-bit)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}" = Brother MFL-Pro Suite MFC-9325CW
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}" = Fitbit Connect
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX
"Avast" = Avast Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 36.0.4 (x86 en-US)" = Mozilla Firefox 36.0.4 (x86 en-US)
"Mozilla Thunderbird 31.5.0 (x86 en-US)" = Mozilla Thunderbird 31.5.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 3/22/2015 3:01:17 PM | Computer Name = DawnDesktop | Source = DCOM | ID = 10010
Description =

< End of report >
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites-ADWCleaner

Unread postby goalie79 » March 22nd, 2015, 3:40 pm

# AdwCleaner v4.112 - Logfile created 22/03/2015 at 14:05:39
# Updated 09/03/2015 by Xplode
# Database : 2015-03-22.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Dawn - DAWNDESKTOP
# Running from : C:\Users\Dawn\Desktop\032215_malware_Issue\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v41.0.2272.101

[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... 000YYUS&q={searchTerms}
[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... 000YYUS&q={searchTerms}
[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1985 bytes] - [14/03/2015 17:03:21]
AdwCleaner[R1].txt - [919 bytes] - [15/03/2015 14:30:36]
AdwCleaner[R2].txt - [2293 bytes] - [22/03/2015 14:03:00]
AdwCleaner[S0].txt - [2067 bytes] - [14/03/2015 17:10:27]
AdwCleaner[S1].txt - [2234 bytes] - [22/03/2015 14:05:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2293 bytes] ##########
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites-AdwCleaner Log

Unread postby goalie79 » March 22nd, 2015, 4:09 pm

# AdwCleaner v4.112 - Logfile created 22/03/2015 at 14:05:39
# Updated 09/03/2015 by Xplode
# Database : 2015-03-22.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Dawn - DAWNDESKTOP
# Running from : C:\Users\Dawn\Desktop\032215_malware_Issue\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v41.0.2272.101

[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... 000YYUS&q={searchTerms}
[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... 000YYUS&q={searchTerms}
[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1985 bytes] - [14/03/2015 17:03:21]
AdwCleaner[R1].txt - [919 bytes] - [15/03/2015 14:30:36]
AdwCleaner[R2].txt - [2293 bytes] - [22/03/2015 14:03:00]
AdwCleaner[S0].txt - [2067 bytes] - [14/03/2015 17:10:27]
AdwCleaner[S1].txt - [2234 bytes] - [22/03/2015 14:05:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2293 bytes] ##########
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites - computer beha

Unread postby goalie79 » March 22nd, 2015, 11:04 pm

Upon returning to check the status of your data review, I received a redirect to a date chat website. The redirect situation remains. Shall I re-execute the steps again ?
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Unread postby pgmigg » March 23rd, 2015, 1:08 am

Hello goalie79,

Shall I re-execute the steps again ?
No. You don't need to do anything that I don't ask you to do. The same situation occurred when you come to any medical doctor - he should find the diagnosis firstly and then to select the right treatment.
I try to do the same - I ask you to run different scanners, analyze the logs and then when I will be sure that I understand your problems completely, I will try to remove infection...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
TDSSKiller - Rootkit Removal Tool Image
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator...".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click OK if changes were made.
  7. Click Start scan and allow it to scan for Malicious objects.
    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    DO NOT change the default actions, other than CURE to SKIP.
  8. You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  9. A log will be created on your root drive (usually C:) drive. The log will have a name like Name.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  10. If no reboot is required, click on Report. A log file should appear.
  11. Please post the contents of the log file in your next reply

Step 4.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *istart123*
    *MyWay*
    *pricegong*
    *SafeGuard*
    *Searchqu*
    *Searchnu*
    *smartbar*
    *searchab*
    *sprotector*
    *superfish*
    *Tarma*
    *trolltech*
    *Vosteran*
    *Vafmusic2*
    *vshare*
    *wajam*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *istart123*
    *MyWay*
    *pricegong*
    *SafeGuard*
    *Searchqu*
    *Searchnu*
    *searchab*
    *sprotector*
    *superfish*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *Vosteran*
    *vshare*
    *wajam*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    istart123
    MyWay
    pricegong
    SafeGuard
    Searchqu
    Searchnu
    searchab
    smartbar
    sprotector
    superfish
    Tarma
    trolltech
    Vafmusic2
    Vosteran
    vshare
    whitesmoke
    wajam
    Yontoo
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid and other websites-OTL Run Fix Scr

Unread postby goalie79 » March 23rd, 2015, 7:58 am

- No challenge running the fix script, and executed OTl from Desktop.
- viewed a message at bottom of screen - Killing Processes - DO NOT INTERRUPT
- received a popup on step 6 - Windows encountered a critical problem and will restart automatically. Clicked Close, then after a few more seconds received a 'Requires a Reboot'. Clicked OK.
- During Step 7 upon reboot received an OTL 'Run" request, clicked Run.
- contents of results provided below.
----------------
All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_metadata folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\zh_TW folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\zh_CN folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\vi folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\uk folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\tr folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\th folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sv folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sr folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sl folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\sk folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ru folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ro folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\pt_PT folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\pt_BR folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\pl folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\no folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\nl folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\lv folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\lt folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ko folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ja folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\it folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\id folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\hu folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\hr folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\hi folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\he folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\fr folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\fil folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\fi folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\es folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\en folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\el folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\de folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\da folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\cs folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ca folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\bg folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales\ar folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\_locales folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0 folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_metadata folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_TW folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_CN folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\vi folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\uk folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\tr folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\th folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sv folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sr folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sl folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sk folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ru folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ro folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_PT folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pt_BR folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\pl folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nl folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\nb folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lv folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\lt folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ko folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ja folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\it folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\id folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hu folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hr folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\hi folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fr folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fil folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\fi folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\et folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es_419 folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\es folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en_GB folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\en folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\el folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\de folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\da folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\cs folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ca folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\bg folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\images folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\html folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\css folder moved successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0 folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dawn\Desktop\cmd.bat deleted successfully.
C:\Users\Dawn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Dawn
->Flash cache emptied: 602 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Dawn
->Java cache emptied: 980511 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 1.00 mb


[EMPTYTEMP]

User: All Users

User: Dawn
->Temp folder emptied: 73976547 bytes
->Temporary Internet Files folder emptied: 6442867 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28955215 bytes
->Google Chrome cache emptied: 276505004 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54716 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43291969 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 409.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03232015_074739

Files\Folders moved on Reboot...
C:\Users\Dawn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\avast_ash\Mozilla Firefox\update.xml.part not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites-SystemLook log

Unread postby goalie79 » March 23rd, 2015, 8:49 am

- No challenge runnning SystemLook
- redirect occurred when attempting to reply to this thread
- copy of SystemLook log follows
----
SystemLook 30.07.11 by jpshortstuff
Log created at 08:13 on 23/03/2015 by Dawn
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z --a---- 2501248 bytes [22:45 03/03/2015] [22:45 03/03/2015] F6F143D2FFE54207BC697BBBA36F399A

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1339720 bytes [16:43 08/01/2015] [16:43 08/01/2015] DB8067D875E6A9BC14C32B18E42969D5

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*istart123*"
No files found.

Searching for "*MyWay*"
No files found.

Searching for "*pricegong*"
No files found.

Searching for "*SafeGuard*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*sprotector*"
No files found.

Searching for "*superfish*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vosteran*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*wajam*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
C:\Users\Dawn\Desktop\032215_malware_Issue\Old Firefox Data\0f00p9he.default\extensions\toolbar@ask.com d------ [20:58 14/03/2015]

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*istart123*"
No folders found.

Searching for "*MyWay*"
No folders found.

Searching for "*pricegong*"
No folders found.

Searching for "*SafeGuard*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*sprotector*"
No folders found.

Searching for "*superfish*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*Vosteran*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*wajam*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"6013214C586B6E849BDB4E9F1148E14B"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\6013214C586B6E849BDB4E9F1148E14B]
"File"="iSyncConduit.dll"

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "istart123"
No data found.

Searching for "MyWay"
No data found.

Searching for "pricegong"
No data found.

Searching for "SafeGuard"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "searchab"
No data found.

Searching for "smartbar"
No data found.

Searching for "sprotector"
No data found.

Searching for "superfish"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"

Searching for "Tarma"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-961907201-2733856658-2972413326-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Vafmusic2"
No data found.

Searching for "Vosteran"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "wajam"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Unread postby pgmigg » March 23rd, 2015, 2:28 pm

Hello goalie79,

Good job :D , but not complete :( !

I am still waiting for TDSSKiller log...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid-TDSSKiller Report p1 of 2

Unread postby goalie79 » March 23rd, 2015, 2:42 pm

UGH...It WAS submitted :shock: (but I was redirected first, so I wonder (and sorry) it did not go through! :oops:
--------------
log split at scan-global...log too long for one submission
08:00:05.0078 0x17f8 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:01:07.0166 0x17f8 ============================================================
08:01:07.0166 0x17f8 Current date / time: 2015/03/23 08:01:07.0166
08:01:07.0166 0x17f8 SystemInfo:
08:01:07.0166 0x17f8
08:01:07.0166 0x17f8 OS Version: 6.1.7601 ServicePack: 1.0
08:01:07.0166 0x17f8 Product type: Workstation
08:01:07.0166 0x17f8 ComputerName: DAWNDESKTOP
08:01:07.0166 0x17f8 UserName: Dawn
08:01:07.0166 0x17f8 Windows directory: C:\Windows
08:01:07.0166 0x17f8 System windows directory: C:\Windows
08:01:07.0166 0x17f8 Running under WOW64
08:01:07.0166 0x17f8 Processor architecture: Intel x64
08:01:07.0166 0x17f8 Number of processors: 2
08:01:07.0166 0x17f8 Page size: 0x1000
08:01:07.0166 0x17f8 Boot type: Normal boot
08:01:07.0166 0x17f8 ============================================================
08:01:08.0976 0x17f8 KLMD registered as C:\Windows\system32\drivers\43499181.sys
08:01:09.0288 0x17f8 System UUID: {8352BEEA-0AA2-B82E-6DB3-3833610A4B37}
08:01:09.0959 0x17f8 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:01:09.0974 0x17f8 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:01:09.0990 0x17f8 ============================================================
08:01:09.0990 0x17f8 \Device\Harddisk0\DR0:
08:01:10.0006 0x17f8 MBR partitions:
08:01:10.0006 0x17f8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:01:10.0006 0x17f8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
08:01:10.0006 0x17f8 \Device\Harddisk1\DR1:
08:01:10.0006 0x17f8 MBR partitions:
08:01:10.0006 0x17f8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
08:01:10.0006 0x17f8 ============================================================
08:01:10.0084 0x17f8 C: <-> \Device\Harddisk0\DR0\Partition2
08:01:10.0099 0x17f8 E: <-> \Device\Harddisk1\DR1\Partition1
08:01:10.0099 0x17f8 ============================================================
08:01:10.0099 0x17f8 Initialize success
08:01:10.0099 0x17f8 ============================================================
08:01:38.0148 0x07e0 ============================================================
08:01:38.0148 0x07e0 Scan started
08:01:38.0148 0x07e0 Mode: Manual;
08:01:38.0148 0x07e0 ============================================================
08:01:38.0148 0x07e0 KSN ping started
08:01:51.0923 0x07e0 KSN ping finished: true
08:01:53.0171 0x07e0 ================ Scan system memory ========================
08:01:53.0171 0x07e0 System memory - ok
08:01:53.0171 0x07e0 ================ Scan services =============================
08:01:53.0514 0x07e0 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:01:53.0530 0x07e0 1394ohci - ok
08:01:53.0577 0x07e0 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:01:53.0592 0x07e0 ACPI - ok
08:01:53.0623 0x07e0 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:01:53.0623 0x07e0 AcpiPmi - ok
08:01:53.0779 0x07e0 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:01:53.0779 0x07e0 AdobeARMservice - ok
08:01:54.0201 0x07e0 [ B0FE8D243A4EC6727D7EC5019C4B26B1, 6A319A77E19937208237BDBD2A545367EEC7B4B7ED732E0BAF616070C2FD88A3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:01:54.0201 0x07e0 AdobeFlashPlayerUpdateSvc - ok
08:01:54.0279 0x07e0 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:01:54.0294 0x07e0 adp94xx - ok
08:01:54.0325 0x07e0 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:01:54.0325 0x07e0 adpahci - ok
08:01:54.0357 0x07e0 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:01:54.0357 0x07e0 adpu320 - ok
08:01:54.0388 0x07e0 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:01:54.0388 0x07e0 AeLookupSvc - ok
08:01:54.0528 0x07e0 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
08:01:54.0528 0x07e0 AFD - ok
08:01:54.0575 0x07e0 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
08:01:54.0575 0x07e0 agp440 - ok
08:01:54.0622 0x07e0 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
08:01:54.0637 0x07e0 ALG - ok
08:01:54.0684 0x07e0 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
08:01:54.0700 0x07e0 aliide - ok
08:01:54.0715 0x07e0 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
08:01:54.0715 0x07e0 amdide - ok
08:01:54.0762 0x07e0 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:01:54.0762 0x07e0 AmdK8 - ok
08:01:54.0778 0x07e0 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:01:54.0778 0x07e0 AmdPPM - ok
08:01:54.0825 0x07e0 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:01:54.0825 0x07e0 amdsata - ok
08:01:54.0856 0x07e0 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:01:54.0856 0x07e0 amdsbs - ok
08:01:54.0871 0x07e0 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:01:54.0871 0x07e0 amdxata - ok
08:01:54.0934 0x07e0 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
08:01:54.0934 0x07e0 AppID - ok
08:01:54.0949 0x07e0 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:01:54.0949 0x07e0 AppIDSvc - ok
08:01:54.0996 0x07e0 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
08:01:54.0996 0x07e0 Appinfo - ok
08:01:55.0137 0x07e0 [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:01:55.0137 0x07e0 Apple Mobile Device Service - ok
08:01:55.0230 0x07e0 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
08:01:55.0230 0x07e0 AppMgmt - ok
08:01:55.0277 0x07e0 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
08:01:55.0277 0x07e0 arc - ok
08:01:55.0308 0x07e0 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:01:55.0324 0x07e0 arcsas - ok
08:01:55.0527 0x07e0 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:01:55.0542 0x07e0 aspnet_state - ok
08:01:55.0573 0x07e0 [ BA4B999D245287608A79C92CDAE6F3C1, 799CC0FB185FDF3438687184944E6F6AB6EE73B3B542542D3C13C0FF1A8C0276 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
08:01:55.0573 0x07e0 aswHwid - ok
08:01:55.0589 0x07e0 [ 245D3A0670491E1F88759EC45C9F7314, 1FFBDDDC6FCD29770B439933EEB8BE1ABA9149193932B2481720E8E9F265A797 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
08:01:55.0589 0x07e0 aswMonFlt - ok
08:01:55.0620 0x07e0 [ BC18D5B42B19564BA09156410E1FB9BE, 0DA9636632462208AE4D360BFE5A8187644B036A0D43E981665D888A5363B953 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
08:01:55.0636 0x07e0 aswRdr - ok
08:01:55.0651 0x07e0 [ 713AFFD4E38553AEF04617C985B4030B, A09FBE4D49390024E8CF93352EACEB5AC53BEE5A4E5A76F5BE0341F8A002C4DD ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
08:01:55.0651 0x07e0 aswRvrt - ok
08:01:55.0761 0x07e0 [ 669F6B37965756E407B447272B5EE39F, FE2C0A8F96415191650485AED637A45B26E7B9A25A4BFB5D809844BD24FD6BA9 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
08:01:55.0776 0x07e0 aswSnx - ok
08:01:55.0870 0x07e0 [ 3A145C94A519E52FE7E99460DD0DF53C, 91E9544B1B72FCC32463BF34838DAA9F14DCABF3BE9FE9382087ACDB3B4FC598 ] aswSP C:\Windows\system32\drivers\aswSP.sys
08:01:55.0885 0x07e0 aswSP - ok
08:01:55.0948 0x07e0 [ 8CDA894FA86D03FB43063D5FD85EFCAE, 20D110ACC84300514557AB6E565CFA0101DA749559B52877A41A509E79314AF6 ] aswStm C:\Windows\system32\drivers\aswStm.sys
08:01:55.0963 0x07e0 aswStm - ok
08:01:56.0010 0x07e0 [ 11644D8399F4AC8BB12C2364DCB87CB4, 828C3A03AB9D5F0650C7B90B7479CCAAD586B22BB7AC6DB7C91E8D9D80427DFB ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
08:01:56.0026 0x07e0 aswVmm - ok
08:01:56.0041 0x07e0 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:01:56.0041 0x07e0 AsyncMac - ok
08:01:56.0088 0x07e0 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
08:01:56.0104 0x07e0 atapi - ok
08:01:56.0275 0x07e0 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:01:56.0291 0x07e0 AudioEndpointBuilder - ok
08:01:56.0307 0x07e0 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:01:56.0322 0x07e0 AudioSrv - ok
08:01:56.0494 0x07e0 [ 35714DC1ADD995681D890D4382C75721, C1D10F2D47D348DCEA363B676E35A363FE8FA0E24295C4AD90F7EA37826A822D ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:01:56.0509 0x07e0 avast! Antivirus - ok
08:01:56.0931 0x07e0 [ 986B03BCC7679B181EC540249956B080, 35FD1229DD016B0837A2879E685A830034DD36D5F52ECBAFA358299DCB126989 ] AvastVBoxSvc C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
08:01:57.0087 0x07e0 AvastVBoxSvc - ok
08:01:57.0180 0x07e0 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:01:57.0180 0x07e0 AxInstSV - ok
08:01:57.0243 0x07e0 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
08:01:57.0243 0x07e0 b06bdrv - ok
08:01:57.0305 0x07e0 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:01:57.0305 0x07e0 b57nd60a - ok
08:01:57.0336 0x07e0 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
08:01:57.0336 0x07e0 BDESVC - ok
08:01:57.0367 0x07e0 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
08:01:57.0383 0x07e0 Beep - ok
08:01:57.0508 0x07e0 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
08:01:57.0523 0x07e0 BFE - ok
08:01:57.0617 0x07e0 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
08:01:57.0648 0x07e0 BITS - ok
08:01:57.0679 0x07e0 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:01:57.0679 0x07e0 blbdrive - ok
08:01:57.0726 0x07e0 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:01:57.0742 0x07e0 Bonjour Service - ok
08:01:57.0773 0x07e0 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:01:57.0773 0x07e0 bowser - ok
08:01:57.0789 0x07e0 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:01:57.0789 0x07e0 BrFiltLo - ok
08:01:57.0804 0x07e0 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:01:57.0804 0x07e0 BrFiltUp - ok
08:01:57.0851 0x07e0 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
08:01:57.0851 0x07e0 Browser - ok
08:01:57.0898 0x07e0 [ 63A00CDBEB300522C49EC7CA77324060, 99CB6D37C7D898982A192AAA8DE5CE255E6FA482E19FE9032BAA7069E652F6F5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
08:01:57.0898 0x07e0 BrSerIb - ok
08:01:57.0991 0x07e0 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:01:58.0038 0x07e0 Brserid - ok
08:01:58.0069 0x07e0 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:01:58.0069 0x07e0 BrSerWdm - ok
08:01:58.0085 0x07e0 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:01:58.0085 0x07e0 BrUsbMdm - ok
08:01:58.0101 0x07e0 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:01:58.0101 0x07e0 BrUsbSer - ok
08:01:58.0132 0x07e0 [ BBCFD6C6EF66449F55AF1BFDB08C9B12, D6D5D408FCFFF9ED69D095948E786C08EEECD5F55905A3D8FE2BB08944C5E1F2 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
08:01:58.0132 0x07e0 BrUsbSIb - ok
08:01:58.0163 0x07e0 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:01:58.0163 0x07e0 BTHMODEM - ok
08:01:58.0210 0x07e0 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
08:01:58.0210 0x07e0 bthserv - ok
08:01:58.0225 0x07e0 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:01:58.0225 0x07e0 cdfs - ok
08:01:58.0288 0x07e0 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:01:58.0303 0x07e0 cdrom - ok
08:01:58.0335 0x07e0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
08:01:58.0335 0x07e0 CertPropSvc - ok
08:01:58.0413 0x07e0 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:01:58.0428 0x07e0 circlass - ok
08:01:58.0475 0x07e0 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
08:01:58.0491 0x07e0 CLFS - ok
08:01:58.0818 0x07e0 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:01:58.0834 0x07e0 clr_optimization_v2.0.50727_32 - ok
08:01:58.0927 0x07e0 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:01:58.0927 0x07e0 clr_optimization_v2.0.50727_64 - ok
08:01:59.0021 0x07e0 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:01:59.0146 0x07e0 clr_optimization_v4.0.30319_32 - ok
08:01:59.0177 0x07e0 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:01:59.0193 0x07e0 clr_optimization_v4.0.30319_64 - ok
08:01:59.0239 0x07e0 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:01:59.0255 0x07e0 CmBatt - ok
08:01:59.0286 0x07e0 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:01:59.0286 0x07e0 cmdide - ok
08:01:59.0333 0x07e0 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
08:01:59.0333 0x07e0 CNG - ok
08:01:59.0380 0x07e0 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:01:59.0395 0x07e0 Compbatt - ok
08:01:59.0427 0x07e0 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:01:59.0427 0x07e0 CompositeBus - ok
08:01:59.0442 0x07e0 COMSysApp - ok
08:01:59.0458 0x07e0 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:01:59.0458 0x07e0 crcdisk - ok
08:01:59.0551 0x07e0 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:01:59.0567 0x07e0 CryptSvc - ok
08:01:59.0629 0x07e0 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
08:01:59.0645 0x07e0 CSC - ok
08:01:59.0707 0x07e0 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
08:01:59.0739 0x07e0 CscService - ok
08:01:59.0817 0x07e0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:01:59.0832 0x07e0 DcomLaunch - ok
08:01:59.0863 0x07e0 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
08:01:59.0879 0x07e0 defragsvc - ok
08:01:59.0910 0x07e0 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:01:59.0926 0x07e0 DfsC - ok
08:02:00.0035 0x07e0 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
08:02:00.0051 0x07e0 Dhcp - ok
08:02:00.0082 0x07e0 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
08:02:00.0082 0x07e0 discache - ok
08:02:00.0129 0x07e0 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:02:00.0129 0x07e0 Disk - ok
08:02:00.0144 0x07e0 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:02:00.0160 0x07e0 Dnscache - ok
08:02:00.0222 0x07e0 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
08:02:00.0222 0x07e0 dot3svc - ok
08:02:00.0253 0x07e0 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
08:02:00.0269 0x07e0 DPS - ok
08:02:00.0316 0x07e0 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:02:00.0331 0x07e0 drmkaud - ok
08:02:00.0472 0x07e0 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:02:00.0487 0x07e0 DXGKrnl - ok
08:02:00.0534 0x07e0 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
08:02:00.0550 0x07e0 EapHost - ok
08:02:00.0690 0x07e0 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:02:00.0831 0x07e0 ebdrv - ok
08:02:00.0862 0x07e0 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe
08:02:00.0877 0x07e0 EFS - ok
08:02:01.0033 0x07e0 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:02:01.0065 0x07e0 ehRecvr - ok
08:02:01.0111 0x07e0 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
08:02:01.0111 0x07e0 ehSched - ok
08:02:01.0174 0x07e0 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:02:01.0189 0x07e0 elxstor - ok
08:02:01.0205 0x07e0 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:02:01.0205 0x07e0 ErrDev - ok
08:02:01.0267 0x07e0 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
08:02:01.0283 0x07e0 EventSystem - ok
08:02:01.0299 0x07e0 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
08:02:01.0314 0x07e0 exfat - ok
08:02:01.0345 0x07e0 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:02:01.0361 0x07e0 fastfat - ok
08:02:01.0470 0x07e0 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
08:02:01.0486 0x07e0 Fax - ok
08:02:01.0517 0x07e0 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:02:01.0517 0x07e0 fdc - ok
08:02:01.0548 0x07e0 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
08:02:01.0548 0x07e0 fdPHost - ok
08:02:01.0564 0x07e0 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
08:02:01.0564 0x07e0 FDResPub - ok
08:02:01.0595 0x07e0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:02:01.0611 0x07e0 FileInfo - ok
08:02:01.0642 0x07e0 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:02:01.0642 0x07e0 Filetrace - ok
08:02:01.0876 0x07e0 [ 31AC02203B716CBF8829343C91C8FD75, 6231A842733887C9A0CD513E9AFEF4A35152F4BCC9706EEAB38DC898B10AF9BD ] Fitbit Connect C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
08:02:01.0923 0x07e0 Fitbit Connect - ok
08:02:01.0938 0x07e0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:02:01.0938 0x07e0 flpydisk - ok
08:02:02.0016 0x07e0 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:02:02.0047 0x07e0 FltMgr - ok
08:02:02.0094 0x07e0 [ F0CC1A9106F9FB0F704F6ED95622B43E, DE09E37619B91AD4F43B473A41E6563F4FCFB891A7F9665E8631131A49FA96A1 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
08:02:02.0094 0x07e0 fltsrv - ok
08:02:02.0219 0x07e0 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
08:02:02.0250 0x07e0 FontCache - ok
08:02:02.0281 0x07e0 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:02:02.0297 0x07e0 FontCache3.0.0.0 - ok
08:02:02.0313 0x07e0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:02:02.0313 0x07e0 FsDepends - ok
08:02:02.0344 0x07e0 [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
08:02:02.0344 0x07e0 fssfltr - ok
08:02:02.0391 0x07e0 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:02:02.0391 0x07e0 Fs_Rec - ok
08:02:02.0453 0x07e0 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:02:02.0453 0x07e0 fvevol - ok
08:02:02.0469 0x07e0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:02:02.0469 0x07e0 gagp30kx - ok
08:02:02.0531 0x07e0 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:02:02.0531 0x07e0 GEARAspiWDM - ok
08:02:02.0625 0x07e0 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
08:02:02.0656 0x07e0 gpsvc - ok
08:02:02.0687 0x07e0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:02:02.0687 0x07e0 gupdate - ok
08:02:02.0703 0x07e0 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:02:02.0703 0x07e0 gupdatem - ok
08:02:02.0734 0x07e0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:02:02.0734 0x07e0 hcw85cir - ok
08:02:02.0843 0x07e0 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:02:02.0859 0x07e0 HdAudAddService - ok
08:02:02.0874 0x07e0 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:02:02.0890 0x07e0 HDAudBus - ok
08:02:02.0890 0x07e0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:02:02.0890 0x07e0 HidBatt - ok
08:02:02.0921 0x07e0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:02:02.0921 0x07e0 HidBth - ok
08:02:02.0937 0x07e0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:02:02.0937 0x07e0 HidIr - ok
08:02:02.0952 0x07e0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
08:02:02.0968 0x07e0 hidserv - ok
08:02:03.0030 0x07e0 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:02:03.0030 0x07e0 HidUsb - ok
08:02:03.0061 0x07e0 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:02:03.0077 0x07e0 hkmsvc - ok
08:02:03.0124 0x07e0 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:02:03.0139 0x07e0 HomeGroupListener - ok
08:02:03.0155 0x07e0 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:02:03.0186 0x07e0 HomeGroupProvider - ok
08:02:03.0217 0x07e0 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:02:03.0233 0x07e0 HpSAMD - ok
08:02:03.0311 0x07e0 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:02:03.0327 0x07e0 HTTP - ok
08:02:03.0373 0x07e0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:02:03.0373 0x07e0 hwpolicy - ok
08:02:03.0436 0x07e0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:02:03.0451 0x07e0 i8042prt - ok
08:02:03.0498 0x07e0 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:02:03.0514 0x07e0 iaStorV - ok
08:02:03.0607 0x07e0 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:02:03.0639 0x07e0 idsvc - ok
08:02:03.0654 0x07e0 IEEtwCollectorService - ok
08:02:04.0200 0x07e0 [ C6238C6ABD6AC99F5D152DA4E9439A3D, 6FC490B94CEF523C7C099AEA3D36AB75C9896B1D83D4467D237E698A8E0D9E7B ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:02:04.0559 0x07e0 igfx - ok
08:02:04.0637 0x07e0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:02:04.0637 0x07e0 iirsp - ok
08:02:04.0793 0x07e0 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
08:02:04.0809 0x07e0 IKEEXT - ok
08:02:04.0855 0x07e0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
08:02:04.0855 0x07e0 intelide - ok
08:02:04.0887 0x07e0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:02:04.0887 0x07e0 intelppm - ok
08:02:05.0058 0x07e0 [ EB48BE1B42A2D1F8884184076A8BAC1B, ECDF7468814A090C5297CF5DEB03F427E0580530F9F2DFAB1CDE7A4EEE107264 ] IntSch2Svc C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe
08:02:05.0089 0x07e0 IntSch2Svc - ok
08:02:05.0121 0x07e0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:02:05.0121 0x07e0 IPBusEnum - ok
08:02:05.0167 0x07e0 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:02:05.0183 0x07e0 IpFilterDriver - ok
08:02:05.0230 0x07e0 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:02:05.0245 0x07e0 iphlpsvc - ok
08:02:05.0277 0x07e0 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:02:05.0277 0x07e0 IPMIDRV - ok
08:02:05.0323 0x07e0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:02:05.0339 0x07e0 IPNAT - ok
08:02:05.0401 0x07e0 [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:02:05.0417 0x07e0 iPod Service - ok
08:02:05.0433 0x07e0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:02:05.0433 0x07e0 IRENUM - ok
08:02:05.0479 0x07e0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:02:05.0479 0x07e0 isapnp - ok
08:02:05.0511 0x07e0 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:02:05.0526 0x07e0 iScsiPrt - ok
08:02:05.0542 0x07e0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:02:05.0542 0x07e0 kbdclass - ok
08:02:05.0573 0x07e0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:02:05.0573 0x07e0 kbdhid - ok
08:02:05.0589 0x07e0 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe
08:02:05.0589 0x07e0 KeyIso - ok
08:02:05.0635 0x07e0 [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:02:05.0651 0x07e0 KSecDD - ok
08:02:05.0667 0x07e0 [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:02:05.0682 0x07e0 KSecPkg - ok
08:02:05.0713 0x07e0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:02:05.0713 0x07e0 ksthunk - ok
08:02:05.0807 0x07e0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
08:02:05.0823 0x07e0 KtmRm - ok
08:02:05.0885 0x07e0 [ 305BB2AC00D46542E0A653AB63F4ABB1, E3BE57A0EBB1194656D20C11688863A7864B06223419F688D82881F9F49604B6 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
08:02:05.0885 0x07e0 LADF_CaptureOnly - ok
08:02:05.0932 0x07e0 [ 28CDDC7D478A6313F55077416DCBD0DE, EE4174FC9444856DF0693D1A5F16EB88352A3B012AA82D49C462980703981A7A ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
08:02:05.0932 0x07e0 LADF_RenderOnly - ok
08:02:06.0041 0x07e0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:02:06.0057 0x07e0 LanmanServer - ok
08:02:06.0119 0x07e0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:02:06.0135 0x07e0 LanmanWorkstation - ok
08:02:06.0197 0x07e0 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
08:02:06.0197 0x07e0 LGBusEnum - ok
08:02:06.0228 0x07e0 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
08:02:06.0228 0x07e0 LGVirHid - ok
08:02:06.0259 0x07e0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:02:06.0259 0x07e0 lltdio - ok
08:02:06.0337 0x07e0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:02:06.0369 0x07e0 lltdsvc - ok
08:02:06.0384 0x07e0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:02:06.0400 0x07e0 lmhosts - ok
08:02:06.0447 0x07e0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:02:06.0447 0x07e0 LSI_FC - ok
08:02:06.0493 0x07e0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:02:06.0493 0x07e0 LSI_SAS - ok
08:02:06.0525 0x07e0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:02:06.0525 0x07e0 LSI_SAS2 - ok
08:02:06.0540 0x07e0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:02:06.0540 0x07e0 LSI_SCSI - ok
08:02:06.0587 0x07e0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
08:02:06.0587 0x07e0 luafv - ok
08:02:06.0618 0x07e0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:02:06.0618 0x07e0 Mcx2Svc - ok
08:02:06.0634 0x07e0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:02:06.0634 0x07e0 megasas - ok
08:02:06.0696 0x07e0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:02:06.0727 0x07e0 MegaSR - ok
08:02:06.0821 0x07e0 Microsoft SharePoint Workspace Audit Service - ok
08:02:06.0868 0x07e0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
08:02:06.0868 0x07e0 MMCSS - ok
08:02:06.0899 0x07e0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
08:02:06.0899 0x07e0 Modem - ok
08:02:06.0930 0x07e0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:02:06.0930 0x07e0 monitor - ok
08:02:06.0961 0x07e0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:02:06.0961 0x07e0 mouclass - ok
08:02:07.0024 0x07e0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:02:07.0039 0x07e0 mouhid - ok
08:02:07.0055 0x07e0 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:02:07.0071 0x07e0 mountmgr - ok
08:02:07.0133 0x07e0 [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:02:07.0149 0x07e0 MozillaMaintenance - ok
08:02:07.0211 0x07e0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
08:02:07.0242 0x07e0 mpio - ok
08:02:07.0289 0x07e0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:02:07.0289 0x07e0 mpsdrv - ok
08:02:07.0445 0x07e0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:02:07.0476 0x07e0 MpsSvc - ok
08:02:07.0523 0x07e0 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:02:07.0539 0x07e0 MRxDAV - ok
08:02:07.0601 0x07e0 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:02:07.0617 0x07e0 mrxsmb - ok
08:02:07.0648 0x07e0 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:02:07.0663 0x07e0 mrxsmb10 - ok
08:02:07.0663 0x07e0 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:02:07.0663 0x07e0 mrxsmb20 - ok
08:02:07.0695 0x07e0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
08:02:07.0695 0x07e0 msahci - ok
08:02:07.0710 0x07e0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:02:07.0726 0x07e0 msdsm - ok
08:02:07.0741 0x07e0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
08:02:07.0757 0x07e0 MSDTC - ok
08:02:07.0773 0x07e0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:02:07.0788 0x07e0 Msfs - ok
08:02:07.0788 0x07e0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:02:07.0804 0x07e0 mshidkmdf - ok
08:02:07.0819 0x07e0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:02:07.0819 0x07e0 msisadrv - ok
08:02:07.0851 0x07e0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:02:07.0851 0x07e0 MSiSCSI - ok
08:02:07.0866 0x07e0 msiserver - ok
08:02:07.0897 0x07e0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:02:07.0897 0x07e0 MSKSSRV - ok
08:02:07.0929 0x07e0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:02:07.0929 0x07e0 MSPCLOCK - ok
08:02:07.0975 0x07e0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:02:07.0991 0x07e0 MSPQM - ok
08:02:08.0038 0x07e0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:02:08.0053 0x07e0 MsRPC - ok
08:02:08.0085 0x07e0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:02:08.0085 0x07e0 mssmbios - ok
08:02:08.0100 0x07e0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:02:08.0100 0x07e0 MSTEE - ok
08:02:08.0131 0x07e0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:02:08.0131 0x07e0 MTConfig - ok
08:02:08.0147 0x07e0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
08:02:08.0147 0x07e0 Mup - ok
08:02:08.0241 0x07e0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
08:02:08.0256 0x07e0 napagent - ok
08:02:08.0303 0x07e0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:02:08.0303 0x07e0 NativeWifiP - ok
08:02:08.0428 0x07e0 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
08:02:08.0443 0x07e0 NDIS - ok
08:02:08.0475 0x07e0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:02:08.0475 0x07e0 NdisCap - ok
08:02:08.0506 0x07e0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:02:08.0506 0x07e0 NdisTapi - ok
08:02:08.0537 0x07e0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:02:08.0537 0x07e0 Ndisuio - ok
08:02:08.0584 0x07e0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:02:08.0584 0x07e0 NdisWan - ok
08:02:08.0615 0x07e0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:02:08.0631 0x07e0 NDProxy - ok
08:02:08.0662 0x07e0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:02:08.0662 0x07e0 NetBIOS - ok
08:02:08.0724 0x07e0 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:02:08.0771 0x07e0 NetBT - ok
08:02:08.0787 0x07e0 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon C:\Windows\system32\lsass.exe
08:02:08.0787 0x07e0 Netlogon - ok
08:02:08.0880 0x07e0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
08:02:08.0911 0x07e0 Netman - ok
08:02:08.0958 0x07e0 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:02:08.0974 0x07e0 NetMsmqActivator - ok
08:02:09.0005 0x07e0 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:02:09.0005 0x07e0 NetPipeActivator - ok
08:02:09.0036 0x07e0 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
08:02:09.0052 0x07e0 netprofm - ok
08:02:09.0067 0x07e0 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:02:09.0067 0x07e0 NetTcpActivator - ok
08:02:09.0067 0x07e0 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:02:09.0083 0x07e0 NetTcpPortSharing - ok
08:02:09.0114 0x07e0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:02:09.0114 0x07e0 nfrd960 - ok
08:02:09.0161 0x07e0 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
08:02:09.0177 0x07e0 NlaSvc - ok
08:02:09.0192 0x07e0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:02:09.0192 0x07e0 Npfs - ok
08:02:09.0208 0x07e0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
08:02:09.0208 0x07e0 nsi - ok
08:02:09.0223 0x07e0 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:02:09.0223 0x07e0 nsiproxy - ok
08:02:09.0301 0x07e0 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:02:09.0364 0x07e0 Ntfs - ok
08:02:09.0379 0x07e0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
08:02:09.0379 0x07e0 Null - ok
08:02:09.0411 0x07e0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:02:09.0411 0x07e0 nvraid - ok
08:02:09.0442 0x07e0 [ AFDE3015BB8D76E26BEC3B287C5443A0, 6D4804392149EA9B8BC555D4BEBB84A39DE14E62ACCD7EEBBE21D2D8E37E32B0 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
08:02:09.0442 0x07e0 nvsmu - ok
08:02:09.0473 0x07e0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:02:09.0473 0x07e0 nvstor - ok
08:02:09.0504 0x07e0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:02:09.0504 0x07e0 nv_agp - ok
08:02:09.0535 0x07e0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:02:09.0535 0x07e0 ohci1394 - ok
08:02:09.0645 0x07e0 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:02:09.0660 0x07e0 ose - ok
08:02:10.0097 0x07e0 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:02:10.0300 0x07e0 osppsvc - ok
08:02:10.0409 0x07e0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:02:10.0425 0x07e0 p2pimsvc - ok
08:02:10.0518 0x07e0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
08:02:10.0549 0x07e0 p2psvc - ok
08:02:10.0659 0x07e0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:02:10.0674 0x07e0 Parport - ok
08:02:10.0690 0x07e0 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:02:10.0705 0x07e0 partmgr - ok
08:02:10.0737 0x07e0 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:02:10.0737 0x07e0 PcaSvc - ok
08:02:10.0752 0x07e0 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
08:02:10.0768 0x07e0 pci - ok
08:02:10.0815 0x07e0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
08:02:10.0830 0x07e0 pciide - ok
08:02:10.0861 0x07e0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:02:10.0877 0x07e0 pcmcia - ok
08:02:10.0908 0x07e0 PCTINDIS5 - ok
08:02:10.0908 0x07e0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
08:02:10.0908 0x07e0 pcw - ok
08:02:10.0939 0x07e0 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:02:10.0955 0x07e0 PEAUTH - ok
08:02:11.0033 0x07e0 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
08:02:11.0064 0x07e0 PeerDistSvc - ok
08:02:11.0142 0x07e0 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:02:11.0142 0x07e0 PerfHost - ok
08:02:11.0283 0x07e0 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
08:02:11.0345 0x07e0 pla - ok
08:02:11.0392 0x07e0 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:02:11.0407 0x07e0 PlugPlay - ok
08:02:11.0423 0x07e0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:02:11.0439 0x07e0 PNRPAutoReg - ok
08:02:11.0470 0x07e0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:02:11.0470 0x07e0 PNRPsvc - ok
08:02:11.0517 0x07e0 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:02:11.0532 0x07e0 PolicyAgent - ok
08:02:11.0548 0x07e0 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
08:02:11.0563 0x07e0 Power - ok
08:02:11.0610 0x07e0 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:02:11.0610 0x07e0 PptpMiniport - ok
08:02:11.0673 0x07e0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:02:11.0673 0x07e0 Processor - ok
08:02:11.0719 0x07e0 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
08:02:11.0735 0x07e0 ProfSvc - ok
08:02:11.0735 0x07e0 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:02:11.0751 0x07e0 ProtectedStorage - ok
08:02:11.0813 0x07e0 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:02:11.0813 0x07e0 Psched - ok
08:02:11.0875 0x07e0 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:02:11.0922 0x07e0 ql2300 - ok
08:02:11.0938 0x07e0 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:02:11.0953 0x07e0 ql40xx - ok
08:02:11.0985 0x07e0 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
08:02:11.0985 0x07e0 QWAVE - ok
08:02:12.0000 0x07e0 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:02:12.0016 0x07e0 QWAVEdrv - ok
08:02:12.0031 0x07e0 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:02:12.0031 0x07e0 RasAcd - ok
08:02:12.0078 0x07e0 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:02:12.0078 0x07e0 RasAgileVpn - ok
08:02:12.0109 0x07e0 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
08:02:12.0109 0x07e0 RasAuto - ok
08:02:12.0141 0x07e0 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:02:12.0141 0x07e0 Rasl2tp - ok
08:02:12.0172 0x07e0 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
08:02:12.0203 0x07e0 RasMan - ok
08:02:12.0234 0x07e0 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:02:12.0234 0x07e0 RasPppoe - ok
08:02:12.0250 0x07e0 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:02:12.0250 0x07e0 RasSstp - ok
08:02:12.0343 0x07e0 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:02:12.0359 0x07e0 rdbss - ok
08:02:12.0375 0x07e0 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:02:12.0375 0x07e0 rdpbus - ok
08:02:12.0375 0x07e0 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:02:12.0375 0x07e0 RDPCDD - ok
08:02:12.0437 0x07e0 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
08:02:12.0437 0x07e0 RDPDR - ok
08:02:12.0484 0x07e0 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:02:12.0484 0x07e0 RDPENCDD - ok
08:02:12.0484 0x07e0 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:02:12.0484 0x07e0 RDPREFMP - ok
08:02:12.0593 0x07e0 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:02:12.0593 0x07e0 RdpVideoMiniport - ok
08:02:12.0640 0x07e0 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:02:12.0671 0x07e0 RDPWD - ok
08:02:12.0718 0x07e0 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:02:12.0733 0x07e0 rdyboost - ok
08:02:12.0765 0x07e0 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:02:12.0765 0x07e0 RemoteAccess - ok
08:02:12.0843 0x07e0 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:02:12.0843 0x07e0 RemoteRegistry - ok
08:02:12.0874 0x07e0 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:02:12.0889 0x07e0 RpcEptMapper - ok
08:02:12.0905 0x07e0 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
08:02:12.0905 0x07e0 RpcLocator - ok
08:02:12.0983 0x07e0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
08:02:12.0999 0x07e0 RpcSs - ok
08:02:13.0030 0x07e0 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:02:13.0030 0x07e0 rspndr - ok
08:02:13.0077 0x07e0 [ ABCB5A38A0D85BDF69B7877E1AD1EED5, 44DF1A92E8FA53677A04C46088B0AD49F1F6A090820BE550A514C4FBFD91444D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:02:13.0077 0x07e0 RTL8167 - ok
08:02:13.0123 0x07e0 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
08:02:13.0139 0x07e0 s3cap - ok
08:02:13.0155 0x07e0 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs C:\Windows\system32\lsass.exe
08:02:13.0155 0x07e0 SamSs - ok
08:02:13.0217 0x07e0 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:02:13.0233 0x07e0 sbp2port - ok
08:02:13.0248 0x07e0 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:02:13.0264 0x07e0 SCardSvr - ok
08:02:13.0295 0x07e0 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:02:13.0295 0x07e0 scfilter - ok
08:02:13.0357 0x07e0 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
08:02:13.0404 0x07e0 Schedule - ok
08:02:13.0420 0x07e0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:02:13.0420 0x07e0 SCPolicySvc - ok
08:02:13.0451 0x07e0 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:02:13.0467 0x07e0 SDRSVC - ok
08:02:13.0513 0x07e0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:02:13.0513 0x07e0 secdrv - ok
08:02:13.0545 0x07e0 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
08:02:13.0545 0x07e0 seclogon - ok
08:02:13.0576 0x07e0 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
08:02:13.0576 0x07e0 SENS - ok
08:02:13.0591 0x07e0 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:02:13.0607 0x07e0 SensrSvc - ok
08:02:13.0638 0x07e0 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:02:13.0638 0x07e0 Serenum - ok
08:02:13.0669 0x07e0 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:02:13.0669 0x07e0 Serial - ok
08:02:13.0716 0x07e0 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:02:13.0716 0x07e0 sermouse - ok
08:02:13.0763 0x07e0 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
08:02:13.0779 0x07e0 SessionEnv - ok
08:02:13.0794 0x07e0 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:02:13.0794 0x07e0 sffdisk - ok
08:02:13.0810 0x07e0 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:02:13.0810 0x07e0 sffp_mmc - ok
08:02:13.0825 0x07e0 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:02:13.0825 0x07e0 sffp_sd - ok
08:02:13.0872 0x07e0 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:02:13.0872 0x07e0 sfloppy - ok
08:02:13.0919 0x07e0 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:02:13.0935 0x07e0 SharedAccess - ok
08:02:13.0997 0x07e0 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:02:14.0013 0x07e0 ShellHWDetection - ok
08:02:14.0028 0x07e0 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:02:14.0044 0x07e0 SiSRaid2 - ok
08:02:14.0075 0x07e0 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:02:14.0075 0x07e0 SiSRaid4 - ok
08:02:14.0091 0x07e0 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:02:14.0106 0x07e0 Smb - ok
08:02:14.0184 0x07e0 [ FDB6E127DF739D4911319F0C8D339CAF, 8A61851C07F686838BD0816683620B5856D3F698E5F1AEC5ECD75F69817287B1 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
08:02:14.0200 0x07e0 snapman - ok
08:02:14.0231 0x07e0 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:02:14.0231 0x07e0 SNMPTRAP - ok
08:02:14.0262 0x07e0 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
08:02:14.0262 0x07e0 spldr - ok
08:02:14.0356 0x07e0 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
08:02:14.0387 0x07e0 Spooler - ok
08:02:14.0574 0x07e0 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
08:02:14.0683 0x07e0 sppsvc - ok
08:02:14.0715 0x07e0 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:02:14.0746 0x07e0 sppuinotify - ok
08:02:14.0839 0x07e0 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:02:14.0855 0x07e0 srv - ok
08:02:14.0886 0x07e0 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:02:14.0886 0x07e0 srv2 - ok
08:02:14.0917 0x07e0 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:02:14.0917 0x07e0 srvnet - ok
08:02:14.0949 0x07e0 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:02:14.0964 0x07e0 SSDPSRV - ok
08:02:14.0995 0x07e0 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:02:15.0011 0x07e0 SstpSvc - ok
08:02:15.0042 0x07e0 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:02:15.0042 0x07e0 stexstor - ok
08:02:15.0089 0x07e0 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
08:02:15.0089 0x07e0 StillCam - ok
08:02:15.0183 0x07e0 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
08:02:15.0214 0x07e0 stisvc - ok
08:02:15.0261 0x07e0 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
08:02:15.0261 0x07e0 storflt - ok
08:02:15.0276 0x07e0 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
08:02:15.0276 0x07e0 StorSvc - ok
08:02:15.0292 0x07e0 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
08:02:15.0292 0x07e0 storvsc - ok
08:02:15.0323 0x07e0 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
08:02:15.0323 0x07e0 swenum - ok
08:02:15.0432 0x07e0 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
08:02:15.0463 0x07e0 swprv - ok
08:02:15.0635 0x07e0 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
08:02:15.0682 0x07e0 SysMain - ok
08:02:15.0713 0x07e0 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:02:15.0713 0x07e0 TabletInputService - ok
08:02:15.0744 0x07e0 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
08:02:15.0760 0x07e0 TapiSrv - ok
08:02:15.0791 0x07e0 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
08:02:15.0791 0x07e0 TBS - ok
08:02:15.0900 0x07e0 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:02:15.0978 0x07e0 Tcpip - ok
08:02:16.0103 0x07e0 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:02:16.0150 0x07e0 TCPIP6 - ok
08:02:16.0181 0x07e0 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:02:16.0197 0x07e0 tcpipreg - ok
08:02:16.0228 0x07e0 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:02:16.0228 0x07e0 TDPIPE - ok
08:02:16.0259 0x07e0 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:02:16.0275 0x07e0 TDTCP - ok
08:02:16.0321 0x07e0 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:02:16.0321 0x07e0 tdx - ok
08:02:16.0337 0x07e0 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
08:02:16.0353 0x07e0 TermDD - ok
08:02:16.0399 0x07e0 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
08:02:16.0431 0x07e0 TermService - ok
08:02:16.0462 0x07e0 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
08:02:16.0477 0x07e0 Themes - ok
08:02:16.0493 0x07e0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
08:02:16.0509 0x07e0 THREADORDER - ok
08:02:16.0509 0x07e0 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
08:02:16.0509 0x07e0 TrkWks - ok
08:02:16.0571 0x07e0 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:02:16.0587 0x07e0 TrustedInstaller - ok
08:02:16.0633 0x07e0 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:02:16.0633 0x07e0 tssecsrv - ok
08:02:16.0680 0x07e0 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:02:16.0680 0x07e0 TsUsbFlt - ok
08:02:16.0743 0x07e0 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:02:16.0758 0x07e0 tunnel - ok
08:02:16.0774 0x07e0 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:02:16.0789 0x07e0 uagp35 - ok
08:02:16.0852 0x07e0 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:02:16.0852 0x07e0 udfs - ok
08:02:16.0883 0x07e0 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:02:16.0883 0x07e0 UI0Detect - ok
08:02:16.0899 0x07e0 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:02:16.0899 0x07e0 uliagpkx - ok
08:02:16.0930 0x07e0 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:02:16.0945 0x07e0 umbus - ok
08:02:16.0992 0x07e0 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:02:16.0992 0x07e0 UmPass - ok
08:02:17.0039 0x07e0 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
08:02:17.0055 0x07e0 UmRdpService - ok
08:02:17.0101 0x07e0 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
08:02:17.0133 0x07e0 upnphost - ok
08:02:17.0164 0x07e0 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:02:17.0164 0x07e0 USBAAPL64 - ok
08:02:17.0242 0x07e0 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:02:17.0242 0x07e0 usbaudio - ok
08:02:17.0273 0x07e0 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:02:17.0273 0x07e0 usbccgp - ok
08:02:17.0335 0x07e0 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:02:17.0351 0x07e0 usbcir - ok
08:02:17.0367 0x07e0 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:02:17.0367 0x07e0 usbehci - ok
08:02:17.0491 0x07e0 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:02:17.0507 0x07e0 usbhub - ok
08:02:17.0523 0x07e0 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:02:17.0523 0x07e0 usbohci - ok
08:02:17.0569 0x07e0 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:02:17.0585 0x07e0 usbprint - ok
08:02:17.0616 0x07e0 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:02:17.0616 0x07e0 usbscan - ok
08:02:17.0647 0x07e0 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:02:17.0647 0x07e0 USBSTOR - ok
08:02:17.0679 0x07e0 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:02:17.0679 0x07e0 usbuhci - ok
08:02:17.0694 0x07e0 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
08:02:17.0694 0x07e0 UxSms - ok
08:02:17.0710 0x07e0 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe
08:02:17.0725 0x07e0 VaultSvc - ok
08:02:17.0819 0x07e0 [ CD74DB141650A8E131F30250381E5A77, C3F6CC4FA70D73A0453126AD6FB1A8A285A6B66EC2C661D9B4F798F8D9CB3976 ] VBoxAswDrv C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
08:02:17.0819 0x07e0 VBoxAswDrv - ok
08:02:17.0866 0x07e0 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:02:17.0866 0x07e0 vdrvroot - ok
08:02:17.0944 0x07e0 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
08:02:17.0959 0x07e0 vds - ok
08:02:17.0991 0x07e0 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:02:17.0991 0x07e0 vga - ok
08:02:18.0006 0x07e0 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
08:02:18.0006 0x07e0 VgaSave - ok
08:02:18.0053 0x07e0 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:02:18.0069 0x07e0 vhdmp - ok
08:02:18.0100 0x07e0 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
08:02:18.0100 0x07e0 viaide - ok
08:02:18.0147 0x07e0 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
08:02:18.0147 0x07e0 vmbus - ok
08:02:18.0162 0x07e0 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
08:02:18.0162 0x07e0 VMBusHID - ok
08:02:18.0193 0x07e0 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:02:18.0209 0x07e0 volmgr - ok
08:02:18.0287 0x07e0 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:02:18.0334 0x07e0 volmgrx - ok
08:02:18.0334 0x07e0 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:02:18.0349 0x07e0 volsnap - ok
08:02:18.0381 0x07e0 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:02:18.0396 0x07e0 vsmraid - ok
08:02:18.0490 0x07e0 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
08:02:18.0552 0x07e0 VSS - ok
08:02:18.0583 0x07e0 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
08:02:18.0583 0x07e0 vwifibus - ok
08:02:18.0646 0x07e0 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
08:02:18.0661 0x07e0 W32Time - ok
08:02:18.0677 0x07e0 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:02:18.0677 0x07e0 WacomPen - ok
08:02:18.0724 0x07e0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:02:18.0724 0x07e0 WANARP - ok
08:02:18.0724 0x07e0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:02:18.0724 0x07e0 Wanarpv6 - ok
08:02:18.0942 0x07e0 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:02:18.0989 0x07e0 WatAdminSvc - ok
08:02:19.0161 0x07e0 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
08:02:19.0207 0x07e0 wbengine - ok
08:02:19.0239 0x07e0 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:02:19.0254 0x07e0 WbioSrvc - ok
08:02:19.0285 0x07e0 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:02:19.0317 0x07e0 wcncsvc - ok
08:02:19.0348 0x07e0 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:02:19.0348 0x07e0 WcsPlugInService - ok
08:02:19.0426 0x07e0 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:02:19.0441 0x07e0 Wd - ok
08:02:19.0504 0x07e0 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:02:19.0519 0x07e0 Wdf01000 - ok
08:02:19.0566 0x07e0 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:02:19.0582 0x07e0 WdiServiceHost - ok
08:02:19.0582 0x07e0 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:02:19.0582 0x07e0 WdiSystemHost - ok
08:02:19.0629 0x07e0 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
08:02:19.0629 0x07e0 WebClient - ok
08:02:19.0691 0x07e0 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:02:19.0707 0x07e0 Wecsvc - ok
08:02:19.0707 0x07e0 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:02:19.0722 0x07e0 wercplsupport - ok
08:02:19.0753 0x07e0 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
08:02:19.0769 0x07e0 WerSvc - ok
08:02:19.0800 0x07e0 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:02:19.0800 0x07e0 WfpLwf - ok
08:02:19.0831 0x07e0 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:02:19.0831 0x07e0 WIMMount - ok
08:02:19.0863 0x07e0 WinDefend - ok
08:02:19.0863 0x07e0 WinHttpAutoProxySvc - ok
08:02:19.0956 0x07e0 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:02:19.0956 0x07e0 Winmgmt - ok
08:02:20.0143 0x07e0 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
08:02:20.0237 0x07e0 WinRM - ok
08:02:20.0299 0x07e0 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:02:20.0299 0x07e0 WinUsb - ok
08:02:20.0346 0x07e0 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:02:20.0377 0x07e0 Wlansvc - ok
08:02:20.0409 0x07e0 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:02:20.0424 0x07e0 wlcrasvc - ok
08:02:20.0533 0x07e0 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:02:20.0611 0x07e0 wlidsvc - ok
08:02:20.0658 0x07e0 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:02:20.0658 0x07e0 WmiAcpi - ok
08:02:20.0705 0x07e0 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:02:20.0705 0x07e0 wmiApSrv - ok
08:02:20.0752 0x07e0 WMPNetworkSvc - ok
08:02:20.0783 0x07e0 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:02:20.0783 0x07e0 WPCSvc - ok
08:02:20.0814 0x07e0 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:02:20.0830 0x07e0 WPDBusEnum - ok
08:02:20.0845 0x07e0 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:02:20.0845 0x07e0 ws2ifsl - ok
08:02:20.0877 0x07e0 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
08:02:20.0892 0x07e0 wscsvc - ok
08:02:20.0892 0x07e0 WSearch - ok
08:02:21.0064 0x07e0 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
08:02:21.0142 0x07e0 wuauserv - ok
08:02:21.0157 0x07e0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:02:21.0157 0x07e0 WudfPf - ok
08:02:21.0189 0x07e0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:02:21.0189 0x07e0 WUDFRd - ok
08:02:21.0204 0x07e0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:02:21.0220 0x07e0 wudfsvc - ok
08:02:21.0251 0x07e0 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
08:02:21.0267 0x07e0 WwanSvc - ok
08:02:21.0282 0x07e0 ================ Scan global ===============================
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 115 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware