Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Seems like zeroaccess, but nothing detected in scans?


  • This topic is locked This topic is locked
34 replies to this topic

#1 zuanne

zuanne

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 21 September 2013 - 11:01 AM

Hello,

Can you please help me? I have run several virus/malware/rootkit detection programs (malwarebytes, Kaspersky, Hitman Pro, Microsoft Security Essentials) and none of them find anything. However, lately when I've been online and click the back button, the page doesn't change, and the dropdown history list is filled with multiple entries of the same "adclick" link that I did not actually click on. So it seems like I've got some sort of zeroaccess or similar bug that clicks on ads, but it's not being detected.  Any suggestions you can give are much appreciated!

 

Thanks very much,

Suzanne

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.11.2
Run by Suzanne at 10:46:20 on 2013-09-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2417 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\VirginMobile\Broadband2Go\Broadband2Go.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news/world/us_and_canada/
mWinlogon: Userinit = userinit.exe,
BHO: <No Name>: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: TBSB03657 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\iGive Button\tbunsbC4B7.tmp\tbcore3.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - <orphaned>
TB: iGive Button: {43989788-13D1-4BE7-8404-DB58166E06CD} - C:\Program Files (x86)\iGive Button\tbunsbC4B7.tmp\tbcore3.dll
TB: iGive Button: {43989788-13D1-4BE7-8404-DB58166E06CD} - C:\Program Files (x86)\iGive Button\tbunsbC4B7.tmp\tbcore3.dll
uRun: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:31 PM

Posted 23 September 2013 - 10:24 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

     
    Having said that....   YBCQLm4.gif   Let's get going!!  
    ----------
     
    weVCzW0.jpg Please download TDSSKiller
    • Double click TDSSKiller.exe
    • Press Start Scan but do nothing else as we are just looking for what is there.
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    81mYIKe.jpg  AdwCleaner
     
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
    ----------

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#3 zuanne

zuanne
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 23 September 2013 - 04:35 PM

Thanks very much, Jeff!

FYI, one program that sometimes gets flagged as malware is "iGive" or "iGive Button"-- this is something I'd like to keep, please.

 

here are logs you requested:

 

TDSSKiller:

16:19:57.0032 4972 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

16:19:58.0124 4972 ============================================================

16:19:58.0124 4972 Current date / time: 2013/09/23 16:19:58.0124

16:19:58.0124 4972 SystemInfo:

16:19:58.0124 4972

16:19:58.0124 4972 OS Version: 6.1.7601 ServicePack: 1.0

16:19:58.0124 4972 Product type: Workstation

16:19:58.0124 4972 ComputerName: HARRYPUTER

16:19:58.0124 4972 UserName: Suzanne

16:19:58.0124 4972 Windows directory: C:\Windows

16:19:58.0124 4972 System windows directory: C:\Windows

16:19:58.0124 4972 Running under WOW64

16:19:58.0124 4972 Processor architecture: Intel x64

16:19:58.0124 4972 Number of processors: 2

16:19:58.0124 4972 Page size: 0x1000

16:19:58.0124 4972 Boot type: Normal boot

16:19:58.0124 4972 ============================================================

16:19:59.0684 4972 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:19:59.0699 4972 ============================================================

16:19:59.0699 4972 \Device\Harddisk0\DR0:

16:19:59.0699 4972 MBR partitions:

16:19:59.0699 4972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

16:19:59.0699 4972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x22496800

16:19:59.0699 4972 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x224FA800, BlocksNum 0x2744000

16:19:59.0699 4972 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x24C3E800, BlocksNum 0x7EF800

16:19:59.0699 4972 ============================================================

16:19:59.0840 4972 C: <-> \Device\Harddisk0\DR0\Partition2

16:20:00.0042 4972 D: <-> \Device\Harddisk0\DR0\Partition3

16:20:00.0089 4972 E: <-> \Device\Harddisk0\DR0\Partition4

16:20:00.0089 4972 ============================================================

16:20:00.0089 4972 Initialize success

16:20:00.0089 4972 ============================================================

16:20:02.0507 2992 ============================================================

16:20:02.0507 2992 Scan started

16:20:02.0507 2992 Mode: Manual;

16:20:02.0507 2992 ============================================================

16:20:05.0861 2992 ================ Scan system memory ========================

16:20:05.0861 2992 System memory - ok

16:20:05.0877 2992 ================ Scan services =============================

16:20:06.0532 2992 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

16:20:06.0548 2992 1394ohci - ok

16:20:06.0626 2992 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

16:20:06.0626 2992 ACPI - ok

16:20:06.0719 2992 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

16:20:06.0719 2992 AcpiPmi - ok

16:20:07.0125 2992 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

16:20:07.0125 2992 AdobeARMservice - ok

16:20:08.0076 2992 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

16:20:08.0076 2992 AdobeFlashPlayerUpdateSvc - ok

16:20:08.0279 2992 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

16:20:08.0295 2992 adp94xx - ok

16:20:08.0451 2992 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

16:20:08.0466 2992 adpahci - ok

16:20:08.0607 2992 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

16:20:08.0607 2992 adpu320 - ok

16:20:08.0638 2992 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

16:20:08.0638 2992 AeLookupSvc - ok

16:20:08.0872 2992 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

16:20:08.0888 2992 AFD - ok

16:20:08.0966 2992 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

16:20:08.0966 2992 agp440 - ok

16:20:09.0059 2992 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

16:20:09.0075 2992 ALG - ok

16:20:09.0200 2992 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

16:20:09.0200 2992 aliide - ok

16:20:09.0309 2992 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

16:20:09.0309 2992 amdide - ok

16:20:09.0465 2992 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

16:20:09.0480 2992 AmdK8 - ok

16:20:09.0527 2992 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

16:20:09.0527 2992 AmdPPM - ok

16:20:09.0730 2992 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

16:20:09.0761 2992 amdsata - ok

16:20:09.0917 2992 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

16:20:09.0980 2992 amdsbs - ok

16:20:10.0151 2992 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

16:20:10.0151 2992 amdxata - ok

16:20:10.0432 2992 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

16:20:10.0432 2992 AppID - ok

16:20:10.0604 2992 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

16:20:10.0635 2992 AppIDSvc - ok

16:20:10.0931 2992 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

16:20:10.0978 2992 Appinfo - ok

16:20:11.0477 2992 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:20:11.0540 2992 Apple Mobile Device - ok

16:20:11.0696 2992 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

16:20:11.0696 2992 arc - ok

16:20:11.0820 2992 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

16:20:11.0820 2992 arcsas - ok

16:20:11.0930 2992 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

16:20:11.0930 2992 AsyncMac - ok

16:20:12.0070 2992 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

16:20:12.0070 2992 atapi - ok

16:20:12.0538 2992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

16:20:12.0600 2992 AudioEndpointBuilder - ok

16:20:12.0632 2992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

16:20:12.0647 2992 AudioSrv - ok

16:20:13.0006 2992 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

16:20:13.0037 2992 AxInstSV - ok

16:20:13.0209 2992 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

16:20:13.0224 2992 b06bdrv - ok

16:20:13.0396 2992 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

16:20:13.0412 2992 b57nd60a - ok

16:20:13.0521 2992 [ 752B923B2A042C06626F0F5471A03133 ] bcm C:\Windows\system32\DRIVERS\drxvi314_64.sys

16:20:13.0536 2992 bcm - ok

16:20:13.0848 2992 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys

16:20:13.0864 2992 BCM43XX - ok

16:20:13.0973 2992 [ 26A8CCD69A4366C5D54AF6924E551A98 ] bcmbusctr C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys

16:20:13.0973 2992 bcmbusctr - ok

16:20:14.0129 2992 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

16:20:14.0145 2992 BDESVC - ok

16:20:14.0254 2992 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

16:20:14.0254 2992 Beep - ok

16:20:14.0753 2992 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

16:20:14.0816 2992 BFE - ok

16:20:15.0346 2992 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

16:20:15.0393 2992 BITS - ok

16:20:15.0486 2992 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

16:20:15.0486 2992 blbdrive - ok

16:20:15.0892 2992 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

16:20:15.0892 2992 Bonjour Service - ok

16:20:16.0017 2992 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

16:20:16.0017 2992 bowser - ok

16:20:16.0142 2992 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

16:20:16.0142 2992 BrFiltLo - ok

16:20:16.0235 2992 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

16:20:16.0235 2992 BrFiltUp - ok

16:20:16.0329 2992 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

16:20:16.0344 2992 Browser - ok

16:20:16.0594 2992 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

16:20:16.0703 2992 Brserid - ok

16:20:16.0797 2992 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

16:20:16.0797 2992 BrSerWdm - ok

16:20:16.0922 2992 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

16:20:16.0922 2992 BrUsbMdm - ok

16:20:17.0031 2992 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

16:20:17.0031 2992 BrUsbSer - ok

16:20:17.0187 2992 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

16:20:17.0187 2992 BTHMODEM - ok

16:20:17.0249 2992 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

16:20:17.0312 2992 bthserv - ok

16:20:17.0405 2992 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

16:20:17.0405 2992 cdfs - ok

16:20:17.0592 2992 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

16:20:17.0655 2992 cdrom - ok

16:20:17.0764 2992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

16:20:17.0780 2992 CertPropSvc - ok

16:20:17.0842 2992 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

16:20:17.0842 2992 circlass - ok

16:20:17.0951 2992 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

16:20:17.0951 2992 CLFS - ok

16:20:18.0123 2992 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:20:18.0123 2992 clr_optimization_v2.0.50727_32 - ok

16:20:18.0341 2992 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:20:18.0357 2992 clr_optimization_v2.0.50727_64 - ok

16:20:18.0778 2992 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:20:18.0965 2992 clr_optimization_v4.0.30319_32 - ok

16:20:19.0059 2992 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:20:19.0074 2992 clr_optimization_v4.0.30319_64 - ok

16:20:19.0199 2992 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

16:20:19.0199 2992 clwvd - ok

16:20:19.0293 2992 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

16:20:19.0293 2992 CmBatt - ok

16:20:19.0355 2992 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

16:20:19.0355 2992 cmdide - ok

16:20:19.0433 2992 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

16:20:19.0433 2992 CNG - ok

16:20:19.0558 2992 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

16:20:19.0558 2992 Compbatt - ok

16:20:19.0636 2992 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

16:20:19.0652 2992 CompositeBus - ok

16:20:19.0683 2992 COMSysApp - ok

16:20:19.0745 2992 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

16:20:19.0745 2992 crcdisk - ok

16:20:19.0870 2992 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll

16:20:19.0886 2992 CryptSvc - ok

16:20:19.0964 2992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

16:20:19.0979 2992 DcomLaunch - ok

16:20:20.0042 2992 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

16:20:20.0057 2992 defragsvc - ok

16:20:20.0104 2992 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

16:20:20.0120 2992 DfsC - ok

16:20:20.0198 2992 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

16:20:20.0213 2992 Dhcp - ok

16:20:20.0525 2992 [ 2816852764A682EECAA2B1CAA7978DC2 ] DIFMBUS C:\Windows\system32\DRIVERS\DIFMBUS.sys

16:20:20.0525 2992 DIFMBUS - ok

16:20:20.0619 2992 [ EDB58F57059542241ACCF15FA56AF332 ] DIFMCDF C:\Windows\system32\DRIVERS\DIFMCDF.sys

16:20:20.0619 2992 DIFMCDF - ok

16:20:20.0744 2992 [ 031F9E001A0730A3A65032AB21B7B323 ] DIFMCVsp C:\Windows\system32\DRIVERS\DIFMCVsp.sys

16:20:20.0744 2992 DIFMCVsp - ok

16:20:20.0853 2992 [ B67C9651C0C1E81DB88099581BD3A433 ] DIFMMdm C:\Windows\system32\DRIVERS\DIFMMdm.sys

16:20:20.0853 2992 DIFMMdm - ok

16:20:20.0931 2992 [ 8E41358268172668638D9AD7BC88F989 ] DIFMNET C:\Windows\system32\DRIVERS\DIFMNET.sys

16:20:20.0946 2992 DIFMNET - ok

16:20:21.0258 2992 [ DF250D9BC1E71170FBB75068F1E5D85A ] DIFMNVsp C:\Windows\system32\DRIVERS\DIFMNVsp.sys

16:20:21.0274 2992 DIFMNVsp - ok

16:20:21.0383 2992 [ E96E74D32E3CD51078A16AFB84F43DF8 ] DIFMVsp C:\Windows\system32\DRIVERS\DIFMVsp.sys

16:20:21.0399 2992 DIFMVsp - ok

16:20:21.0446 2992 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

16:20:21.0461 2992 discache - ok

16:20:21.0633 2992 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

16:20:21.0633 2992 Disk - ok

16:20:21.0695 2992 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

16:20:21.0695 2992 Dnscache - ok

16:20:21.0773 2992 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

16:20:21.0773 2992 dot3svc - ok

16:20:21.0820 2992 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

16:20:21.0836 2992 DPS - ok

16:20:21.0929 2992 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

16:20:21.0945 2992 drmkaud - ok

16:20:22.0116 2992 [ 1A986E433B8EB2375F55961D993746B3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

16:20:22.0132 2992 DXGKrnl - ok

16:20:22.0210 2992 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

16:20:22.0210 2992 EapHost - ok

16:20:22.0740 2992 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

16:20:22.0865 2992 ebdrv - ok

16:20:22.0943 2992 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

16:20:22.0943 2992 EFS - ok

16:20:23.0177 2992 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

16:20:23.0224 2992 ehRecvr - ok

16:20:23.0318 2992 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

16:20:23.0318 2992 ehSched - ok

16:20:23.0552 2992 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

16:20:23.0630 2992 elxstor - ok

16:20:23.0676 2992 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

16:20:23.0692 2992 ErrDev - ok

16:20:23.0817 2992 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

16:20:23.0848 2992 EventSystem - ok

16:20:23.0942 2992 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

16:20:23.0942 2992 exfat - ok

16:20:23.0957 2992 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

16:20:23.0973 2992 fastfat - ok

16:20:24.0129 2992 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

16:20:24.0144 2992 Fax - ok

16:20:24.0176 2992 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

16:20:24.0176 2992 fdc - ok

16:20:24.0285 2992 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

16:20:24.0285 2992 fdPHost - ok

16:20:24.0332 2992 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

16:20:24.0332 2992 FDResPub - ok

16:20:24.0410 2992 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

16:20:24.0441 2992 FileInfo - ok

16:20:24.0472 2992 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

16:20:24.0472 2992 Filetrace - ok

16:20:24.0581 2992 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

16:20:24.0581 2992 flpydisk - ok

16:20:24.0690 2992 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

16:20:24.0690 2992 FltMgr - ok

16:20:24.0831 2992 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

16:20:24.0909 2992 FontCache - ok

16:20:25.0002 2992 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:20:25.0002 2992 FontCache3.0.0.0 - ok

16:20:25.0034 2992 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

16:20:25.0034 2992 FsDepends - ok

16:20:25.0065 2992 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

16:20:25.0065 2992 Fs_Rec - ok

16:20:25.0314 2992 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

16:20:25.0330 2992 fvevol - ok

16:20:25.0595 2992 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

16:20:25.0595 2992 gagp30kx - ok

16:20:25.0845 2992 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

16:20:25.0845 2992 GamesAppService - ok

16:20:25.0970 2992 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

16:20:25.0970 2992 GEARAspiWDM - ok

16:20:26.0126 2992 [ 9F5E8645FECD68C0ECC374F5A4AE068A ] gfiark C:\Windows\system32\drivers\gfiark.sys

16:20:26.0126 2992 gfiark - ok

16:20:26.0328 2992 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

16:20:26.0344 2992 gpsvc - ok

16:20:26.0391 2992 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

16:20:26.0391 2992 hcw85cir - ok

16:20:26.0547 2992 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

16:20:26.0562 2992 HdAudAddService - ok

16:20:26.0687 2992 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

16:20:26.0703 2992 HDAudBus - ok

16:20:26.0750 2992 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

16:20:26.0750 2992 HidBatt - ok

16:20:26.0796 2992 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

16:20:26.0796 2992 HidBth - ok

16:20:26.0890 2992 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

16:20:26.0906 2992 HidIr - ok

16:20:26.0968 2992 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

16:20:26.0968 2992 hidserv - ok

16:20:27.0062 2992 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

16:20:27.0077 2992 HidUsb - ok

16:20:27.0327 2992 [ FCE2251FE4464DCAA2F4684F19A8EE9B ] hitmanpro37 C:\Windows\system32\drivers\hitmanpro37.sys

16:20:27.0327 2992 hitmanpro37 - ok

16:20:27.0592 2992 [ 3EDAD05F378D4751E14CDA596A5E7E43 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe

16:20:27.0592 2992 HitmanProScheduler - ok

16:20:27.0670 2992 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

16:20:27.0670 2992 hkmsvc - ok

16:20:27.0764 2992 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

16:20:27.0764 2992 HomeGroupListener - ok

16:20:27.0842 2992 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

16:20:27.0857 2992 HomeGroupProvider - ok

16:20:28.0044 2992 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

16:20:28.0060 2992 HP Support Assistant Service - ok

16:20:28.0247 2992 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

16:20:28.0247 2992 HPClientSvc - ok

16:20:28.0575 2992 [ E07F8E78D08D9269E3365C2A4F637191 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

16:20:28.0590 2992 hpCMSrv - ok

16:20:28.0902 2992 [ 9BFDA0BC109EB6D16F2CB862BB85E28C ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

16:20:28.0918 2992 HPDrvMntSvc.exe - ok

16:20:29.0402 2992 [ 514455F6586473791C5C6B25BA4E1BAB ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

16:20:29.0417 2992 hpqwmiex - ok

16:20:29.0573 2992 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

16:20:29.0573 2992 HpSAMD - ok

16:20:29.0792 2992 [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

16:20:29.0792 2992 HPWMISVC - ok

16:20:29.0948 2992 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

16:20:29.0963 2992 HTTP - ok

16:20:29.0979 2992 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

16:20:29.0979 2992 hwpolicy - ok

16:20:30.0041 2992 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

16:20:30.0041 2992 i8042prt - ok

16:20:30.0213 2992 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

16:20:30.0213 2992 iaStor - ok

16:20:30.0603 2992 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

16:20:30.0603 2992 IAStorDataMgrSvc - ok

16:20:30.0852 2992 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

16:20:30.0884 2992 iaStorV - ok

16:20:31.0695 2992 [ D3090576412EC63E0C6271D8B0974D73 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

16:20:31.0742 2992 IconMan_R - ok

16:20:32.0007 2992 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:20:32.0022 2992 idsvc - ok

16:20:33.0676 2992 [ 33FAA40B288002C89529DBD14F3AB72C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

16:20:33.0848 2992 igfx - ok

16:20:34.0004 2992 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

16:20:34.0004 2992 iirsp - ok

16:20:34.0160 2992 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

16:20:34.0175 2992 IKEEXT - ok

16:20:34.0347 2992 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

16:20:34.0362 2992 IntcDAud - ok

16:20:34.0565 2992 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

16:20:34.0565 2992 intelide - ok

16:20:34.0674 2992 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

16:20:34.0674 2992 intelppm - ok

16:20:34.0706 2992 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

16:20:34.0706 2992 IPBusEnum - ok

16:20:34.0737 2992 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:20:34.0737 2992 IpFilterDriver - ok

16:20:34.0830 2992 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

16:20:34.0830 2992 iphlpsvc - ok

16:20:34.0862 2992 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

16:20:34.0862 2992 IPMIDRV - ok

16:20:34.0908 2992 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

16:20:34.0924 2992 IPNAT - ok

16:20:35.0657 2992 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

16:20:35.0673 2992 iPod Service - ok

16:20:35.0767 2992 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

16:20:35.0767 2992 IRENUM - ok

16:20:35.0861 2992 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

16:20:35.0861 2992 isapnp - ok

16:20:35.0986 2992 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

16:20:36.0033 2992 iScsiPrt - ok

16:20:36.0079 2992 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

16:20:36.0079 2992 kbdclass - ok

16:20:36.0267 2992 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

16:20:36.0329 2992 kbdhid - ok

16:20:36.0391 2992 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

16:20:36.0391 2992 KeyIso - ok

16:20:36.0454 2992 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

16:20:36.0485 2992 KSecDD - ok

16:20:36.0547 2992 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

16:20:36.0579 2992 KSecPkg - ok

16:20:36.0610 2992 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

16:20:36.0610 2992 ksthunk - ok

16:20:36.0719 2992 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

16:20:36.0782 2992 KtmRm - ok

16:20:36.0954 2992 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

16:20:37.0016 2992 LanmanServer - ok

16:20:37.0141 2992 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

16:20:37.0157 2992 LanmanWorkstation - ok

16:20:37.0328 2992 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

16:20:37.0328 2992 lltdio - ok

16:20:37.0422 2992 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

16:20:37.0422 2992 lltdsvc - ok

16:20:37.0453 2992 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

16:20:37.0453 2992 lmhosts - ok

16:20:37.0578 2992 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

16:20:37.0594 2992 LMS - ok

16:20:37.0672 2992 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

16:20:37.0672 2992 LSI_FC - ok

16:20:37.0766 2992 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

16:20:37.0766 2992 LSI_SAS - ok

16:20:37.0891 2992 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

16:20:37.0922 2992 LSI_SAS2 - ok

16:20:38.0063 2992 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

16:20:38.0078 2992 LSI_SCSI - ok

16:20:38.0172 2992 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

16:20:38.0172 2992 luafv - ok

16:20:38.0250 2992 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

16:20:38.0265 2992 Mcx2Svc - ok

16:20:38.0312 2992 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

16:20:38.0312 2992 megasas - ok

16:20:38.0468 2992 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

16:20:38.0468 2992 MegaSR - ok

16:20:38.0562 2992 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

16:20:38.0562 2992 MEIx64 - ok

16:20:38.0640 2992 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

16:20:38.0655 2992 MMCSS - ok

16:20:38.0702 2992 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

16:20:38.0702 2992 Modem - ok

16:20:38.0781 2992 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

16:20:38.0781 2992 monitor - ok

16:20:38.0875 2992 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

16:20:38.0875 2992 mouclass - ok

16:20:39.0015 2992 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

16:20:39.0015 2992 mouhid - ok

16:20:39.0062 2992 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

16:20:39.0062 2992 mountmgr - ok

16:20:39.0312 2992 [ FC1D590039EF06A381768710E6C07E75 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

16:20:39.0312 2992 MpFilter - ok

16:20:39.0436 2992 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

16:20:39.0436 2992 mpio - ok

16:20:39.0514 2992 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

16:20:39.0514 2992 mpsdrv - ok

16:20:39.0655 2992 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

16:20:39.0843 2992 MpsSvc - ok

16:20:39.0937 2992 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

16:20:39.0952 2992 MRxDAV - ok

16:20:40.0030 2992 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

16:20:40.0030 2992 mrxsmb - ok

16:20:40.0093 2992 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:20:40.0093 2992 mrxsmb10 - ok

16:20:40.0124 2992 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:20:40.0124 2992 mrxsmb20 - ok

16:20:40.0202 2992 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

16:20:40.0202 2992 msahci - ok

16:20:40.0342 2992 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

16:20:40.0342 2992 msdsm - ok

16:20:40.0420 2992 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

16:20:40.0420 2992 MSDTC - ok

16:20:40.0436 2992 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

16:20:40.0451 2992 Msfs - ok

16:20:40.0467 2992 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

16:20:40.0483 2992 mshidkmdf - ok

16:20:40.0576 2992 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

16:20:40.0576 2992 msisadrv - ok

16:20:40.0717 2992 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

16:20:40.0779 2992 MSiSCSI - ok

16:20:40.0779 2992 msiserver - ok

16:20:40.0858 2992 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

16:20:40.0858 2992 MSKSSRV - ok

16:20:41.0108 2992 [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

16:20:41.0108 2992 MsMpSvc - ok

16:20:41.0232 2992 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

16:20:41.0232 2992 MSPCLOCK - ok

16:20:41.0310 2992 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

16:20:41.0310 2992 MSPQM - ok

16:20:41.0404 2992 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

16:20:41.0404 2992 MsRPC - ok

16:20:41.0451 2992 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

16:20:41.0451 2992 mssmbios - ok

16:20:41.0544 2992 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

16:20:41.0544 2992 MSTEE - ok

16:20:41.0576 2992 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

16:20:41.0576 2992 MTConfig - ok

16:20:41.0700 2992 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

16:20:41.0700 2992 Mup - ok

16:20:41.0810 2992 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

16:20:41.0842 2992 napagent - ok

16:20:41.0982 2992 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

16:20:41.0982 2992 NativeWifiP - ok

16:20:42.0138 2992 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

16:20:42.0154 2992 NDIS - ok

16:20:42.0247 2992 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

16:20:42.0247 2992 NdisCap - ok

16:20:42.0325 2992 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

16:20:42.0341 2992 NdisTapi - ok

16:20:42.0403 2992 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

16:20:42.0403 2992 Ndisuio - ok

16:20:42.0466 2992 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

16:20:42.0466 2992 NdisWan - ok

16:20:42.0497 2992 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

16:20:42.0497 2992 NDProxy - ok

16:20:42.0575 2992 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

16:20:42.0575 2992 NetBIOS - ok

16:20:42.0669 2992 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

16:20:42.0684 2992 NetBT - ok

16:20:42.0731 2992 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

16:20:42.0731 2992 Netlogon - ok

16:20:42.0872 2992 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

16:20:42.0872 2992 Netman - ok

16:20:43.0060 2992 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

16:20:43.0075 2992 netprofm - ok

16:20:43.0574 2992 [ 31609B481CC202BFB441E37FEBCDEA05 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

16:20:43.0606 2992 netr28x - ok

16:20:43.0699 2992 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:20:43.0699 2992 NetTcpPortSharing - ok

16:20:43.0824 2992 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

16:20:43.0840 2992 nfrd960 - ok

16:20:44.0028 2992 [ 8FB3C853E886E1E4D57271672486111C ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

16:20:44.0028 2992 NisDrv - ok

16:20:44.0246 2992 [ 869A808253726EA11939EC4FE76346A4 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

16:20:44.0262 2992 NisSrv - ok

16:20:44.0402 2992 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

16:20:44.0402 2992 NlaSvc - ok

16:20:44.0465 2992 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

16:20:44.0480 2992 Npfs - ok

16:20:44.0543 2992 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

16:20:44.0558 2992 nsi - ok

16:20:44.0589 2992 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

16:20:44.0605 2992 nsiproxy - ok

16:20:45.0058 2992 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

16:20:45.0168 2992 Ntfs - ok

16:20:45.0230 2992 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

16:20:45.0230 2992 Null - ok

16:20:45.0495 2992 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys

16:20:45.0511 2992 NVENETFD - ok

16:20:45.0636 2992 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

16:20:45.0636 2992 nvraid - ok

16:20:45.0776 2992 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

16:20:45.0776 2992 nvstor - ok

16:20:45.0870 2992 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

16:20:45.0870 2992 nv_agp - ok

16:20:47.0055 2992 [ FEE3805E73BA23CBE880A7CBF7C5CAF2 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

16:20:47.0086 2992 OfficeSvc - ok

16:20:47.0180 2992 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

16:20:47.0196 2992 ohci1394 - ok

16:20:47.0398 2992 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:20:47.0398 2992 ose - ok

16:20:48.0476 2992 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:20:48.0569 2992 osppsvc - ok

16:20:48.0679 2992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

16:20:48.0679 2992 p2pimsvc - ok

16:20:48.0819 2992 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

16:20:48.0850 2992 p2psvc - ok

16:20:48.0881 2992 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

16:20:48.0881 2992 Parport - ok

16:20:48.0929 2992 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

16:20:48.0929 2992 partmgr - ok

16:20:49.0038 2992 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

16:20:49.0038 2992 PcaSvc - ok

16:20:49.0116 2992 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

16:20:49.0116 2992 pci - ok

16:20:49.0179 2992 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

16:20:49.0179 2992 pciide - ok

16:20:49.0241 2992 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

16:20:49.0241 2992 pcmcia - ok

16:20:49.0304 2992 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

16:20:49.0304 2992 pcw - ok

16:20:49.0382 2992 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

16:20:49.0397 2992 PEAUTH - ok

16:20:49.0725 2992 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

16:20:49.0725 2992 PerfHost - ok

16:20:49.0865 2992 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

16:20:49.0912 2992 pla - ok

16:20:49.0991 2992 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

16:20:49.0991 2992 PlugPlay - ok

16:20:50.0053 2992 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

16:20:50.0053 2992 PNRPAutoReg - ok

16:20:50.0147 2992 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

16:20:50.0147 2992 PNRPsvc - ok

16:20:50.0287 2992 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

16:20:50.0303 2992 PolicyAgent - ok

16:20:50.0334 2992 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

16:20:50.0350 2992 Power - ok

16:20:50.0443 2992 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

16:20:50.0459 2992 PptpMiniport - ok

16:20:50.0521 2992 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

16:20:50.0521 2992 Processor - ok

16:20:50.0693 2992 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

16:20:50.0693 2992 ProfSvc - ok

16:20:50.0740 2992 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

16:20:50.0740 2992 ProtectedStorage - ok

16:20:50.0818 2992 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

16:20:50.0818 2992 Psched - ok

16:20:51.0458 2992 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

16:20:51.0521 2992 ql2300 - ok

16:20:51.0630 2992 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

16:20:51.0630 2992 ql40xx - ok

16:20:51.0724 2992 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

16:20:51.0739 2992 QWAVE - ok

16:20:51.0786 2992 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

16:20:51.0786 2992 QWAVEdrv - ok

16:20:51.0817 2992 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

16:20:51.0817 2992 RasAcd - ok

16:20:51.0926 2992 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

16:20:51.0926 2992 RasAgileVpn - ok

16:20:51.0989 2992 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

16:20:51.0989 2992 RasAuto - ok

16:20:52.0067 2992 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

16:20:52.0067 2992 Rasl2tp - ok

16:20:52.0129 2992 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

16:20:52.0145 2992 RasMan - ok

16:20:52.0223 2992 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

16:20:52.0223 2992 RasPppoe - ok

16:20:52.0270 2992 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

16:20:52.0270 2992 RasSstp - ok

16:20:52.0332 2992 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

16:20:52.0332 2992 rdbss - ok

16:20:52.0410 2992 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

16:20:52.0410 2992 rdpbus - ok

16:20:52.0504 2992 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

16:20:52.0504 2992 RDPCDD - ok

16:20:52.0582 2992 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

16:20:52.0582 2992 RDPENCDD - ok

16:20:52.0675 2992 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

16:20:52.0675 2992 RDPREFMP - ok

16:20:52.0816 2992 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

16:20:52.0816 2992 RDPWD - ok

16:20:52.0909 2992 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

16:20:52.0909 2992 rdyboost - ok

16:20:52.0956 2992 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

16:20:52.0972 2992 RemoteAccess - ok

16:20:53.0096 2992 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

16:20:53.0096 2992 RemoteRegistry - ok

16:20:53.0159 2992 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

16:20:53.0174 2992 RpcEptMapper - ok

16:20:53.0206 2992 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

16:20:53.0206 2992 RpcLocator - ok

16:20:53.0299 2992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

16:20:53.0315 2992 RpcSs - ok

16:20:53.0393 2992 [ 6E5C3D18C3BCC72AA527DBC5FA61AB8F ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys

16:20:53.0393 2992 RSPCIESTOR - ok

16:20:53.0486 2992 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

16:20:53.0486 2992 rspndr - ok

16:20:53.0705 2992 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

16:20:53.0720 2992 RTL8167 - ok

16:20:53.0752 2992 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

16:20:53.0752 2992 SamSs - ok

16:20:53.0830 2992 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

16:20:53.0830 2992 sbp2port - ok

16:20:53.0923 2992 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

16:20:53.0923 2992 SCardSvr - ok

16:20:53.0970 2992 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

16:20:53.0970 2992 scfilter - ok

16:20:54.0157 2992 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

16:20:54.0220 2992 Schedule - ok

16:20:54.0251 2992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

16:20:54.0251 2992 SCPolicySvc - ok

16:20:54.0344 2992 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

16:20:54.0344 2992 sdbus - ok

16:20:54.0407 2992 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

16:20:54.0422 2992 SDRSVC - ok

16:20:54.0485 2992 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

16:20:54.0500 2992 secdrv - ok

16:20:54.0516 2992 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

16:20:54.0516 2992 seclogon - ok

16:20:54.0563 2992 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

16:20:54.0563 2992 SENS - ok

16:20:54.0610 2992 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

16:20:54.0625 2992 SensrSvc - ok

16:20:54.0672 2992 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

16:20:54.0672 2992 Serenum - ok

16:20:54.0750 2992 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

16:20:54.0750 2992 Serial - ok

16:20:54.0875 2992 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

16:20:54.0875 2992 sermouse - ok

16:20:54.0937 2992 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

16:20:54.0937 2992 SessionEnv - ok

16:20:54.0968 2992 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

16:20:54.0968 2992 sffdisk - ok

16:20:55.0046 2992 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

16:20:55.0046 2992 sffp_mmc - ok

16:20:55.0078 2992 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

16:20:55.0078 2992 sffp_sd - ok

16:20:55.0124 2992 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

16:20:55.0124 2992 sfloppy - ok

16:20:55.0249 2992 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

16:20:55.0249 2992 SharedAccess - ok

16:20:55.0358 2992 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

16:20:55.0374 2992 ShellHWDetection - ok

16:20:55.0499 2992 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

16:20:55.0499 2992 SiSRaid2 - ok

16:20:55.0530 2992 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

16:20:55.0530 2992 SiSRaid4 - ok

16:20:55.0904 2992 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

16:20:55.0904 2992 SkypeUpdate - ok

16:20:55.0967 2992 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

16:20:55.0967 2992 Smb - ok

16:20:56.0076 2992 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

16:20:56.0076 2992 SNMPTRAP - ok

16:20:56.0123 2992 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

16:20:56.0123 2992 spldr - ok

16:20:56.0232 2992 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

16:20:56.0263 2992 Spooler - ok

16:20:57.0043 2992 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

16:20:57.0184 2992 sppsvc - ok

16:20:57.0199 2992 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

16:20:57.0199 2992 sppuinotify - ok

16:20:57.0433 2992 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

16:20:57.0449 2992 srv - ok

16:20:57.0542 2992 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

16:20:57.0542 2992 srv2 - ok

16:20:57.0698 2992 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

16:20:57.0698 2992 SrvHsfHDA - ok

16:20:58.0198 2992 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

16:20:58.0244 2992 SrvHsfV92 - ok

16:20:58.0541 2992 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

16:20:58.0556 2992 SrvHsfWinac - ok

16:20:58.0666 2992 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

16:20:58.0681 2992 srvnet - ok

16:20:58.0806 2992 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

16:20:58.0822 2992 SSDPSRV - ok

16:20:58.0868 2992 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

16:20:58.0868 2992 SstpSvc - ok

16:20:59.0196 2992 [ 7BF818B11C1FEDC3E76D233124470A30 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

16:20:59.0212 2992 STacSV - ok

16:20:59.0274 2992 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

16:20:59.0274 2992 stexstor - ok

16:20:59.0430 2992 [ EBC1A5E076A9BE314D3D9E8ED19ABB0A ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

16:20:59.0446 2992 STHDA - ok

16:20:59.0633 2992 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

16:20:59.0648 2992 stisvc - ok

16:20:59.0680 2992 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

16:20:59.0680 2992 swenum - ok

16:20:59.0836 2992 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

16:20:59.0851 2992 swprv - ok

16:21:00.0366 2992 [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

16:21:00.0382 2992 SynTP - ok

16:21:00.0600 2992 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

16:21:00.0647 2992 SysMain - ok

16:21:00.0678 2992 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

16:21:00.0694 2992 TabletInputService - ok

16:21:00.0740 2992 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

16:21:00.0756 2992 TapiSrv - ok

16:21:00.0787 2992 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

16:21:00.0787 2992 TBS - ok

16:21:01.0520 2992 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

16:21:01.0552 2992 Tcpip - ok

16:21:02.0051 2992 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

16:21:02.0082 2992 TCPIP6 - ok

16:21:02.0144 2992 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

16:21:02.0160 2992 tcpipreg - ok

16:21:02.0238 2992 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

16:21:02.0238 2992 TDPIPE - ok

16:21:02.0300 2992 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

16:21:02.0300 2992 TDTCP - ok

16:21:02.0363 2992 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

16:21:02.0363 2992 tdx - ok

16:21:02.0410 2992 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

16:21:02.0410 2992 TermDD - ok

16:21:02.0503 2992 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

16:21:02.0519 2992 TermService - ok

16:21:02.0534 2992 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

16:21:02.0550 2992 Themes - ok

16:21:02.0566 2992 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

16:21:02.0581 2992 THREADORDER - ok

16:21:02.0659 2992 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

16:21:02.0675 2992 TrkWks - ok

16:21:02.0800 2992 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

16:21:02.0800 2992 TrustedInstaller - ok

16:21:02.0862 2992 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

16:21:02.0862 2992 tssecsrv - ok

16:21:03.0034 2992 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

16:21:03.0034 2992 TsUsbFlt - ok

16:21:03.0080 2992 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

16:21:03.0080 2992 TsUsbGD - ok

16:21:03.0190 2992 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

16:21:03.0190 2992 tunnel - ok

16:21:03.0236 2992 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

16:21:03.0236 2992 uagp35 - ok

16:21:03.0346 2992 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

16:21:03.0361 2992 udfs - ok

16:21:03.0392 2992 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

16:21:03.0392 2992 UI0Detect - ok

16:21:03.0486 2992 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

16:21:03.0486 2992 uliagpkx - ok

16:21:03.0564 2992 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

16:21:03.0580 2992 umbus - ok

16:21:03.0611 2992 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

16:21:03.0611 2992 UmPass - ok

16:21:04.0172 2992 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

16:21:04.0219 2992 UNS - ok

16:21:04.0297 2992 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

16:21:04.0313 2992 upnphost - ok

16:21:04.0375 2992 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

16:21:04.0375 2992 usbccgp - ok

16:21:04.0422 2992 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

16:21:04.0422 2992 usbcir - ok

16:21:04.0484 2992 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

16:21:04.0484 2992 usbehci - ok

16:21:04.0562 2992 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

16:21:04.0562 2992 usbhub - ok

16:21:04.0609 2992 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

16:21:04.0609 2992 usbohci - ok

16:21:04.0672 2992 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

16:21:04.0672 2992 usbprint - ok

16:21:04.0750 2992 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

16:21:04.0750 2992 usbscan - ok

16:21:04.0812 2992 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:21:04.0812 2992 USBSTOR - ok

16:21:04.0843 2992 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

16:21:04.0843 2992 usbuhci - ok

16:21:04.0921 2992 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

16:21:04.0921 2992 usbvideo - ok

16:21:05.0093 2992 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys

16:21:05.0093 2992 usb_rndisx - ok

16:21:05.0155 2992 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

16:21:05.0155 2992 UxSms - ok

16:21:05.0171 2992 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

16:21:05.0186 2992 VaultSvc - ok

16:21:05.0233 2992 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

16:21:05.0233 2992 vdrvroot - ok

16:21:05.0311 2992 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

16:21:05.0327 2992 vds - ok

16:21:05.0436 2992 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

16:21:05.0452 2992 vga - ok

16:21:05.0467 2992 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

16:21:05.0467 2992 VgaSave - ok

16:21:05.0545 2992 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

16:21:05.0561 2992 vhdmp - ok

16:21:05.0639 2992 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

16:21:05.0639 2992 viaide - ok

16:21:05.0701 2992 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

16:21:05.0701 2992 volmgr - ok

16:21:05.0810 2992 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

16:21:05.0810 2992 volmgrx - ok

16:21:05.0935 2992 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys

16:21:05.0935 2992 volsnap - ok

16:21:06.0107 2992 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

16:21:06.0107 2992 vsmraid - ok

16:21:06.0528 2992 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

16:21:06.0606 2992 VSS - ok

16:21:06.0715 2992 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

16:21:06.0715 2992 vwifibus - ok

16:21:06.0809 2992 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

16:21:06.0809 2992 vwififlt - ok

16:21:06.0934 2992 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

16:21:06.0949 2992 vwifimp - ok

16:21:07.0027 2992 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

16:21:07.0043 2992 W32Time - ok

16:21:07.0105 2992 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

16:21:07.0105 2992 WacomPen - ok

16:21:07.0262 2992 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

16:21:07.0278 2992 WANARP - ok

16:21:07.0325 2992 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

16:21:07.0325 2992 Wanarpv6 - ok

16:21:07.0949 2992 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

16:21:08.0058 2992 WatAdminSvc - ok

16:21:08.0308 2992 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

16:21:08.0371 2992 wbengine - ok

16:21:08.0496 2992 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

16:21:08.0496 2992 WbioSrvc - ok

16:21:08.0605 2992 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

16:21:08.0620 2992 wcncsvc - ok

16:21:08.0667 2992 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

16:21:08.0683 2992 WcsPlugInService - ok

16:21:08.0745 2992 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

16:21:08.0745 2992 Wd - ok

16:21:08.0979 2992 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

16:21:09.0261 2992 Wdf01000 - ok

16:21:09.0292 2992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

16:21:09.0292 2992 WdiServiceHost - ok

16:21:09.0308 2992 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

16:21:09.0308 2992 WdiSystemHost - ok

16:21:09.0401 2992 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

16:21:09.0417 2992 WebClient - ok

16:21:09.0495 2992 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

16:21:09.0495 2992 Wecsvc - ok

16:21:09.0526 2992 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

16:21:09.0542 2992 wercplsupport - ok

16:21:09.0604 2992 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

16:21:09.0620 2992 WerSvc - ok

16:21:09.0713 2992 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

16:21:09.0713 2992 WfpLwf - ok

16:21:09.0760 2992 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

16:21:09.0760 2992 WIMMount - ok

16:21:09.0823 2992 WinDefend - ok

16:21:09.0869 2992 WinHttpAutoProxySvc - ok

16:21:10.0213 2992 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

16:21:10.0213 2992 Winmgmt - ok

16:21:10.0790 2992 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

16:21:10.0883 2992 WinRM - ok

16:21:11.0071 2992 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

16:21:11.0071 2992 WinUsb - ok

16:21:11.0243 2992 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

16:21:11.0259 2992 Wlansvc - ok

16:21:11.0415 2992 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

16:21:11.0415 2992 wlcrasvc - ok

16:21:12.0227 2992 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:21:12.0274 2992 wlidsvc - ok

16:21:12.0383 2992 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

16:21:12.0383 2992 WmiAcpi - ok

16:21:12.0492 2992 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

16:21:12.0508 2992 wmiApSrv - ok

16:21:12.0617 2992 WMPNetworkSvc - ok

16:21:12.0711 2992 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

16:21:12.0711 2992 WPCSvc - ok

16:21:12.0742 2992 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

16:21:12.0757 2992 WPDBusEnum - ok

16:21:12.0851 2992 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

16:21:12.0851 2992 ws2ifsl - ok

16:21:12.0929 2992 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

16:21:12.0929 2992 wscsvc - ok

16:21:12.0945 2992 WSearch - ok

16:21:13.0304 2992 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

16:21:13.0648 2992 wuauserv - ok

16:21:13.0694 2992 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

16:21:13.0694 2992 WudfPf - ok

16:21:13.0819 2992 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

16:21:13.0835 2992 WUDFRd - ok

16:21:13.0928 2992 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

16:21:13.0944 2992 wudfsvc - ok

16:21:14.0053 2992 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

16:21:14.0069 2992 WwanSvc - ok

16:21:14.0225 2992 ================ Scan global ===============================

16:21:14.0318 2992 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

16:21:14.0428 2992 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll

16:21:14.0490 2992 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll

16:21:14.0568 2992 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

16:21:14.0786 2992 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

16:21:14.0802 2992 [Global] - ok

16:21:14.0802 2992 ================ Scan MBR ==================================

16:21:14.0833 2992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

16:21:15.0629 2992 \Device\Harddisk0\DR0 - ok

16:21:15.0629 2992 ================ Scan VBR ==================================

16:21:15.0691 2992 [ 41498973CB42656CAB04B1B4C883B4CB ] \Device\Harddisk0\DR0\Partition1

16:21:15.0691 2992 \Device\Harddisk0\DR0\Partition1 - ok

16:21:15.0722 2992 [ EED4A403BCABCC4D4FCC29F27B28E92C ] \Device\Harddisk0\DR0\Partition2

16:21:15.0722 2992 \Device\Harddisk0\DR0\Partition2 - ok

16:21:15.0800 2992 [ 5F6A87103E605D2C69A1F1CD4288086C ] \Device\Harddisk0\DR0\Partition3

16:21:15.0800 2992 \Device\Harddisk0\DR0\Partition3 - ok

16:21:15.0863 2992 [ 47AAB6973FCBDC7E01EB0342AB0CEDEA ] \Device\Harddisk0\DR0\Partition4

16:21:15.0878 2992 \Device\Harddisk0\DR0\Partition4 - ok

16:21:15.0878 2992 ============================================================

16:21:15.0878 2992 Scan finished

16:21:15.0878 2992 ============================================================

16:21:15.0894 2556 Detected object count: 0

16:21:15.0894 2556 Actual detected object count: 0

 

And ADWCleaner:

# AdwCleaner v3.005 - Report created 23/09/2013 at 16:29:09
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Suzanne - HARRYPUTER
# Running from : C:\Users\Suzanne\Documents\Anti-Virus\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Users\Suzanne\AppData\LocalLow\Toolbar4

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\wecarereminder
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TBSB03657.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB03657.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB03657.TBSB03657
Key Found : HKLM\SOFTWARE\Classes\TBSB03657.TBSB03657.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03657
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03657
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03657.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03657.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [8065 octets] - [22/09/2013 18:59:45]
AdwCleaner[R1].txt - [7953 octets] - [23/09/2013 16:29:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [8013 octets] ##########



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:31 PM

Posted 23 September 2013 - 09:41 PM

81mYIKe.jpgAdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#5 zuanne

zuanne
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 24 September 2013 - 07:02 AM

Good Morning, Jeff,

I ran AdwCleaner as instructed, and here is the post-cleaning report:

 

# AdwCleaner v3.005 - Report created 24/09/2013 at 06:49:25
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Suzanne - HARRYPUTER
# Running from : C:\Users\Suzanne\Documents\Anti-Virus\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Suzanne\AppData\LocalLow\Toolbar4

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\TBSB03657.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB03657.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB03657.TBSB03657
Key Deleted : HKLM\SOFTWARE\Classes\TBSB03657.TBSB03657.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03657
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03657.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [8065 octets] - [22/09/2013 18:59:45]
AdwCleaner[R1].txt - [8125 octets] - [23/09/2013 16:29:09]
AdwCleaner[R2].txt - [8185 octets] - [24/09/2013 06:43:14]
AdwCleaner[S0].txt - [7731 octets] - [24/09/2013 06:49:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7791 octets] ##########

 

Thank you!



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:31 PM

Posted 24 September 2013 - 07:05 AM

Hi,
 
Good job!  Let's continue....
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#7 zuanne

zuanne
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 24 September 2013 - 05:05 PM

Hi Jeff,

no "illegal operation" message came up when I ran ComboFix, and here is the log:

 

ComboFix 13-09-24.02 - Suzanne 09/24/2013  16:29:10.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2566 [GMT -5:00]
Running from: c:\users\Suzanne\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Microsoft Office\WINWORD.EXE
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-24 to 2013-09-24  )))))))))))))))))))))))))))))))
.
.
2013-09-24 21:40 . 2013-09-24 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-23 12:28 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91B29DBC-8427-45DF-A66C-3E05ACA7B945}\mpengine.dll
2013-09-22 23:59 . 2013-09-24 11:49 -------- d-----w- C:\AdwCleaner
2013-09-22 11:44 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-12 11:54 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-12 11:54 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-12 11:54 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-12 11:54 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 11:54 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-08 12:38 . 2013-09-08 12:37 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4AA5075F-9490-49F9-88B3-788A4ED80196}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 21:29 . 2012-09-11 22:30 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 21:29 . 2011-10-15 04:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 12:08 . 2012-07-21 20:34 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-24 13:13 . 2012-09-28 11:08 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-14 23:04 . 2013-05-17 00:35 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-08-02 01:48 . 2013-09-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 12:01 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 12:01 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 22:09 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 22:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 22:16 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 11:59 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 22:16 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 22:16 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 22:16 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 11:59 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 22:16 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 22:16 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 22:16 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 22:16 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 11:53 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{43989788-13D1-4BE7-8404-DB58166E06CD}"= "c:\program files (x86)\iGive Button\tbunsbC4B7.tmp\tbcore3.dll" [2012-06-27 2673528]
.
[HKEY_CLASSES_ROOT\clsid\{43989788-13d1-4be7-8404-db58166e06cd}]
[HKEY_CLASSES_ROOT\TBSB03657.TBSB03657.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB03657.TBSB03657]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-08-14 23:24 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-08-14 23:24 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-08-14 23:24 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys;c:\windows\SYSNATIVE\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys;c:\windows\SYSNATIVE\DRIVERS\BcmBusCtr_64.sys [x]
R3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\DRIVERS\DIFMBUS.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMBUS.sys [x]
R3 DIFMCDF;Franklin EVDO USB Modem Installation CD;c:\windows\system32\DRIVERS\DIFMCDF.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMCDF.sys [x]
R3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\DRIVERS\DIFMMdm.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMMdm.sys [x]
R3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\DRIVERS\DIFMNET.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMNET.sys [x]
R3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\DRIVERS\DIFMNVsp.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMNVsp.sys [x]
R3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\DRIVERS\DIFMVsp.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMVsp.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\DRIVERS\DIFMCVsp.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMCVsp.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 21:29]
.
2013-09-23 c:\windows\Tasks\HPCeeScheduleForSuzanne.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-08-14 23:24 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-08-14 23:24 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-08-14 23:24 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-26 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-26 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-26 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/news/world/us_and_canada/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.28.82.91 68.28.68.132
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-20256200.sys
SafeBoot-85225267.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
WebBrowser-{43989788-13D1-4BE7-8404-DB58166E06CD} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-UnThreat - c:\program files (x86)\UnThreat AntiVirus\UnThreat.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-24  16:58:20
ComboFix-quarantined-files.txt  2013-09-24 21:58
.
Pre-Run: 200,157,896,704 bytes free
Post-Run: 200,821,555,200 bytes free
.
- - End Of File - - 5A9E7EA98D617A6B3CA8B89CE6D7AB98
 

 

Any idea why it deleted Word?  Is that or the other deleted file some sort of virus with a name intended to make users think it is something else?

 

Thanks!

Suzanne



#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:31 PM

Posted 24 September 2013 - 09:04 PM

Looks like the file was in the wrong directory and that is why it was removed.   Are you able to run Word right now??  Give it a run and let me know.


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#9 zuanne

zuanne
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 24 September 2013 - 09:17 PM

Ah, that makes sense.  I had upgraded to Office 2013 a few months ago and had trouble installing it the first time I tried, so I wonder if that is why some files were in the wrong place.  But yes, Word runs just fine now. 

 

One more odd question-- would ComboFix have changed my internet settings? I only ask because after running it, Twitter (which I think uses a lot of cookies) is showing up as just written text-- no pictures or formatting, and Facebook is taking a very long time to open/change pages.  Not sure if it's my machine, my internet connection, or the websites.

 

Thanks,

Suzanne



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:31 PM

Posted 24 September 2013 - 09:22 PM

Hi,
 
Don't worry as we are not done yet, but yes there will be some changes made to your system from running ComboFix but everything should go back to normal shortly.   :)
 
I am still reviewing your ComboFix log and will return as quickly as I can.  I have a test to study for tomorrow so hopefully it will be tonight.   I appreciate your patience.


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#11 zuanne

zuanne
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 24 September 2013 - 09:28 PM

Thanks for your help, Jeff, and no worries about timing :)

Good luck on your test!!



#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:31 PM

Posted 25 September 2013 - 08:32 AM

Looking pretty good.  How is your system running now?  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#13 zuanne

zuanne
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 25 September 2013 - 09:05 AM

Hi Jeff,

I'm at work now, so not on the computer in question.   Won't be able to get to it until ~4p.m. Central time

But this morning it was running fine except for the wonky Twitter formatting.  The Facebook load speed was much improved, so I think that may just have been a site/internet issue rather than my machine.

 

thanks,

Suzanne



#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:31 PM

Posted 25 September 2013 - 09:34 AM

Ok just give it a check when you get home and we will go from there.  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#15 zuanne

zuanne
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 25 September 2013 - 04:55 PM

Hi Jeff,
the machine seems to be working fine now, except for the stripped-down pages (no graphics or formatting) for some websites like Twitter and att.net. Facebook is taking a really long time to load and the screen freezes, but once it does load, it looks fine.  Is there anything in particular I should be looking for? 

 

Thanks,

Suzanne






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users