Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran Combofix by mistake: computer is acting up - gfxui.exe stopped working, slow


  • This topic is locked This topic is locked
77 replies to this topic

#1 super goku

super goku

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 02 November 2013 - 07:29 PM

Hello, 

 

I ran Combofix when I shouldnt have because I saw a post on a different forum saying to run it! I should have checked here on Bleepingcomputer. During the run...it deleted the system32/win.ini and gave me an error saying that gfxui.exe stopped working. The computer is very slow on startups and freezes for no reason...please help!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.25.2
Run by Basma at 20:21:29 on 2013-11-02
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.2.1033.18.3765.1965 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Registry Clean Expert\RCHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Basma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Basma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Basma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Basma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Basma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Basma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Basma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Basma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://gateway.msn.com
mDefault_Page_URL = hxxp://gateway.msn.com
uSearchAssistant = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RegClean Expert Scheduler] "C:\Program Files (x86)\Registry Clean Expert\RCHelper.exe" /startup
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"                                                                                                                                                                                                               
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5F322D61-6016-4885-9E53-42B264FD358E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FE01EBDF-D7A0-443B-82EF-4D8AE65C5067} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FE01EBDF-D7A0-443B-82EF-4D8AE65C5067}\2454C4C4234363 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FE01EBDF-D7A0-443B-82EF-4D8AE65C5067}\2454C4C4238393 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FE01EBDF-D7A0-443B-82EF-4D8AE65C5067}\84F6D656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FE01EBDF-D7A0-443B-82EF-4D8AE65C5067}\C41646F6573656572702E4564777F627B6D27657563747 : DHCPNameServer = 64.71.255.204 64.71.255.198
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://gateway.msn.com
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-12-16 841248]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-4 701512]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-6 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-9-17 2365792]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-16 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-18 243232]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-12-16 292864]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-16 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-4-27 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-8-29 11880]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-22 40448]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-16 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-16 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-16 271872]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-13 1255736]
S4 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-02 20:10:29 -------- d-----w- C:\Intel
2013-11-02 19:51:12 -------- d-----w- C:\Users\Basma\AppData\Roaming\iExpert Software
2013-11-02 19:49:06 -------- d-----w- C:\Program Files (x86)\Registry Clean Expert
2013-11-02 19:39:53 -------- d-----w- C:\Users\Basma\AppData\Roaming\ParetoLogic
2013-11-02 19:39:53 -------- d-----w- C:\Users\Basma\AppData\Roaming\DriverCure
2013-11-02 19:39:38 -------- d-----w- C:\ProgramData\ParetoLogic
2013-11-02 19:15:00 -------- d-----w- C:\$RECYCLE.BIN
2013-11-02 19:06:07 256000 ----a-w- C:\Windows\PEV.exe
2013-11-02 19:06:07 208896 ----a-w- C:\Windows\MBR.exe
2013-11-02 19:06:06 98816 ----a-w- C:\Windows\sed.exe
2013-11-02 11:51:02 -------- d-----w- C:\ProgramData\Licenses
2013-11-01 19:35:35 -------- d-----w- C:\Program Files (x86)\Download kEeper
2013-11-01 19:29:55 -------- d-----w- C:\ProgramData\WinterSoft
2013-11-01 19:29:08 -------- d-----w- C:\ProgramData\YoutubeMP3Extension
2013-11-01 19:29:07 -------- d-----w- C:\Program Files (x86)\YoutubeMP3Extension
2013-11-01 19:29:03 -------- d-----w- C:\Program Files (x86)\SearchNewTab
2013-11-01 19:28:53 -------- d-----w- C:\Program Files (x86)\ss helper
2013-11-01 19:28:46 -------- d-----w- C:\Users\Basma\AppData\Local\Packages
2013-11-01 19:28:46 -------- d-----w- C:\ProgramData\Downuload keepera
2013-11-01 19:28:46 -------- d-----w- C:\ProgramData\39b559e409962429
2013-11-01 19:28:42 -------- d-----w- C:\Program Files (x86)\Downuload keepera
2013-11-01 19:28:14 -------- d-----w- C:\ProgramData\InstallMate
2013-10-31 18:28:50 -------- d-----w- C:\Program Files\Uninstaller
2013-10-31 18:21:32 -------- d-----w- C:\Users\Basma\AppData\Local\Programs
2013-10-31 18:21:32 -------- d-----w- C:\Users\Basma\AppData\Local\CRE
.
==================== Find3M  ====================
.
2013-10-10 01:20:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 01:20:28 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-05 05:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-28 01:50:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-28 01:50:53 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-08-28 01:50:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 20:21:49.95 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:26 PM

Posted 07 November 2013 - 01:49 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 
Please go ahead and post the logs created by ComboFix as well.  You should be able to find them at C:/ComboFix.txt
 
----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#3 super goku

super goku
  • Topic Starter

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 07 November 2013 - 06:51 PM

Hey Jeffce!
 
first off, I LOVE your super sayin avatar!!! do you know in which episode the King of Sayin transforms? Was this when he was fighting Cell?
 
 
Since my post, the computer will freeze on startup or before starting windows, it will just shut down and i will have to turn the computer back on to start it. Also, 

TDSSKILLER report

 
ComboFix 13-11-01.03 - Basma 02/11/2013  15:07:41.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.2.1033.18.3765.1951 [GMT -4:00]
Running from: c:\users\Basma\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DownloAD Keeper
c:\programdata\DownloAD Keeper\gV0aJNzry.dat
c:\users\Basma\AppData\Roaming\UpdateDrv.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-02 to 2013-11-02  )))))))))))))))))))))))))))))))
.
.
2013-11-02 11:51 . 2013-11-02 11:51 -------- d-----w- c:\programdata\Licenses
2013-11-01 19:35 . 2013-11-01 19:35 -------- d-----w- c:\program files (x86)\Download kEeper
2013-11-01 19:29 . 2013-11-01 19:29 -------- d-----w- c:\programdata\WinterSoft
2013-11-01 19:29 . 2013-11-01 19:35 -------- d-----w- c:\programdata\YoutubeMP3Extension
2013-11-01 19:29 . 2013-11-02 11:18 -------- d-----w- c:\program files (x86)\YoutubeMP3Extension
2013-11-01 19:29 . 2013-11-02 11:18 -------- d-----w- c:\program files (x86)\SearchNewTab
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\program files (x86)\ss helper
2013-11-01 19:28 . 2013-11-02 11:18 -------- d-----w- c:\programdata\39b559e409962429
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\programdata\Downuload keepera
2013-11-01 19:28 . 2013-11-01 19:28 -------- d-----w- c:\users\Basma\AppData\Local\Packages
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\program files (x86)\Downuload keepera
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\programdata\InstallMate
2013-10-31 18:28 . 2013-11-02 11:18 -------- d-----w- c:\program files\Uninstaller
2013-10-31 18:21 . 2013-10-31 18:21 -------- d-----w- c:\users\Basma\AppData\Local\CRE
2013-10-31 18:21 . 2013-10-31 18:21 -------- d-----w- c:\users\Basma\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 01:20 . 2012-07-21 07:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 01:20 . 2011-07-09 07:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 23:44 . 2011-04-02 14:18 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 05:43 . 2013-09-05 05:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-08-28 01:50 . 2013-08-28 01:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-28 01:50 . 2012-09-05 10:11 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-28 01:50 . 2011-11-27 02:14 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 01:20]
.
2013-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155936706-1385735572-1064701117-1000Core.job
- c:\users\Basma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-05 21:28]
.
2013-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155936706-1385735572-1064701117-1000UA.job
- c:\users\Basma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-05 21:28]
.
2013-05-02 c:\windows\Tasks\ReclaimerUpdateFiles_Basma.job
- c:\users\Basma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-05-01 02:55]
.
2013-05-02 c:\windows\Tasks\ReclaimerUpdateXML_Basma.job
- c:\users\Basma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-05-01 02:55]
.
2013-05-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Basma.job
- c:\users\Basma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-05-01 02:55]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-02-26 818720]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://gateway.msn.com
mStart Page = hxxp://gateway.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\AVG\AVG2013\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2013-11-02  15:20:07 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-02 19:20
.
Pre-Run: 276,072,050,688 bytes free
Post-Run: 275,690,770,432 bytes free
.
- - End Of File - - E1C8FF2CC93C440518AD8328B588C679
 
 
COMBOFIX:
ComboFix 13-11-01.03 - Basma 02/11/2013  15:07:41.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.2.1033.18.3765.1951 [GMT -4:00]
Running from: c:\users\Basma\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DownloAD Keeper
c:\programdata\DownloAD Keeper\gV0aJNzry.dat
c:\users\Basma\AppData\Roaming\UpdateDrv.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-02 to 2013-11-02  )))))))))))))))))))))))))))))))
.
.
2013-11-02 11:51 . 2013-11-02 11:51 -------- d-----w- c:\programdata\Licenses
2013-11-01 19:35 . 2013-11-01 19:35 -------- d-----w- c:\program files (x86)\Download kEeper
2013-11-01 19:29 . 2013-11-01 19:29 -------- d-----w- c:\programdata\WinterSoft
2013-11-01 19:29 . 2013-11-01 19:35 -------- d-----w- c:\programdata\YoutubeMP3Extension
2013-11-01 19:29 . 2013-11-02 11:18 -------- d-----w- c:\program files (x86)\YoutubeMP3Extension
2013-11-01 19:29 . 2013-11-02 11:18 -------- d-----w- c:\program files (x86)\SearchNewTab
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\program files (x86)\ss helper
2013-11-01 19:28 . 2013-11-02 11:18 -------- d-----w- c:\programdata\39b559e409962429
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\programdata\Downuload keepera
2013-11-01 19:28 . 2013-11-01 19:28 -------- d-----w- c:\users\Basma\AppData\Local\Packages
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\program files (x86)\Downuload keepera
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\programdata\InstallMate
2013-10-31 18:28 . 2013-11-02 11:18 -------- d-----w- c:\program files\Uninstaller
2013-10-31 18:21 . 2013-10-31 18:21 -------- d-----w- c:\users\Basma\AppData\Local\CRE
2013-10-31 18:21 . 2013-10-31 18:21 -------- d-----w- c:\users\Basma\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 01:20 . 2012-07-21 07:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 01:20 . 2011-07-09 07:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 23:44 . 2011-04-02 14:18 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 05:43 . 2013-09-05 05:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-08-28 01:50 . 2013-08-28 01:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-28 01:50 . 2012-09-05 10:11 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-28 01:50 . 2011-11-27 02:14 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 01:20]
.
2013-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155936706-1385735572-1064701117-1000Core.job
- c:\users\Basma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-05 21:28]
.
2013-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155936706-1385735572-1064701117-1000UA.job
- c:\users\Basma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-05 21:28]
.
2013-05-02 c:\windows\Tasks\ReclaimerUpdateFiles_Basma.job
- c:\users\Basma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-05-01 02:55]
.
2013-05-02 c:\windows\Tasks\ReclaimerUpdateXML_Basma.job
- c:\users\Basma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-05-01 02:55]
.
2013-05-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Basma.job
- c:\users\Basma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-05-01 02:55]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-02-26 818720]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://gateway.msn.com
mStart Page = hxxp://gateway.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\AVG\AVG2013\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2013-11-02  15:20:07 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-02 19:20
.
Pre-Run: 276,072,050,688 bytes free
Post-Run: 275,690,770,432 bytes free
.
- - End Of File - - E1C8FF2CC93C440518AD8328B588C679
 


#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:26 PM

Posted 07 November 2013 - 07:37 PM

Hi,
 

first off, I LOVE your super sayin avatar!!! do you know in which episode the King of Sayin transforms? Was this when he was fighting Cell?

Thanks!   :)  I think he actually transforms after Goku fights Freiza but before the androids.  When Cell comes is when they all go to the Hyperbolic Time Chamber I believe.  
 
------------------------
 
I see you posted the ComboFix log but not the TDSSKiller log.  Could you post that as well please?   :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#5 super goku

super goku
  • Topic Starter

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 08 November 2013 - 05:50 PM

Sorry Jeff...confused here; I included the TDSSKILLER report on top and the combofix at the bottom. I ran it again and posted it the report below. Since then, i am now getting the following error:

 

error message:

 

 Xhgi81O.jpg

 

 

TDSSKILLER Log:

 

17:43:19.0579 0x1774  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38
17:43:24.0997 0x1774  ============================================================
17:43:24.0998 0x1774  Current date / time: 2013/11/08 17:43:24.0997
17:43:24.0998 0x1774  SystemInfo:
17:43:24.0998 0x1774  
17:43:24.0998 0x1774  OS Version: 6.1.7601 ServicePack: 1.0
17:43:24.0998 0x1774  Product type: Workstation
17:43:24.0998 0x1774  ComputerName: BASMA-PC
17:43:24.0998 0x1774  UserName: Basma
17:43:24.0998 0x1774  Windows directory: C:\Windows
17:43:24.0998 0x1774  System windows directory: C:\Windows
17:43:24.0998 0x1774  Running under WOW64
17:43:24.0999 0x1774  Processor architecture: Intel x64
17:43:24.0999 0x1774  Number of processors: 2
17:43:24.0999 0x1774  Page size: 0x1000
17:43:24.0999 0x1774  Boot type: Normal boot
17:43:24.0999 0x1774  ============================================================
17:43:30.0100 0x1774  System UUID: {9CC539CA-A2EB-30F1-920A-41746DEF0FD4}
17:43:31.0370 0x1774  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:43:31.0375 0x1774  ============================================================
17:43:31.0375 0x1774  \Device\Harddisk0\DR0:
17:43:31.0375 0x1774  MBR partitions:
17:43:31.0375 0x1774  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
17:43:31.0375 0x1774  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
17:43:31.0375 0x1774  ============================================================
17:43:31.0502 0x1774  C: <-> \Device\Harddisk0\DR0\Partition2
17:43:31.0502 0x1774  ============================================================
17:43:31.0502 0x1774  Initialize success
17:43:31.0502 0x1774  ============================================================
17:43:46.0424 0x1644  ============================================================
17:43:46.0424 0x1644  Scan started
17:43:46.0424 0x1644  Mode: Manual; 
17:43:46.0424 0x1644  ============================================================
17:43:46.0424 0x1644  KSN ping started
17:43:49.0017 0x1644  KSN ping finished: true
17:43:52.0410 0x1644  ================ Scan system memory ========================
17:43:52.0410 0x1644  System memory - ok
17:43:52.0410 0x1644  ================ Scan services =============================
17:43:53.0407 0x1644  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:43:53.0428 0x1644  1394ohci - ok
17:43:53.0806 0x1644  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:43:53.0825 0x1644  ACPI - ok
17:43:54.0010 0x1644  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:43:54.0012 0x1644  AcpiPmi - ok
17:43:54.0980 0x1644  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:43:55.0096 0x1644  AdobeFlashPlayerUpdateSvc - ok
17:43:55.0268 0x1644  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:43:55.0288 0x1644  adp94xx - ok
17:43:55.0474 0x1644  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:43:55.0491 0x1644  adpahci - ok
17:43:55.0669 0x1644  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:43:55.0681 0x1644  adpu320 - ok
17:43:55.0807 0x1644  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:43:55.0848 0x1644  AeLookupSvc - ok
17:43:56.0305 0x1644  [ 314C17917AC8523EC77A710215012A65, 725CF2D5F63C06F7704C24FE0CFA696215DADC6C0EC445D9671E82F8E23E56AD ] AFD             C:\Windows\system32\drivers\afd.sys
17:43:56.0328 0x1644  AFD - ok
17:43:56.0398 0x1644  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
17:43:56.0404 0x1644  agp440 - ok
17:43:56.0486 0x1644  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
17:43:56.0492 0x1644  ALG - ok
17:43:56.0621 0x1644  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:43:56.0624 0x1644  aliide - ok
17:43:56.0714 0x1644  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:43:56.0717 0x1644  amdide - ok
17:43:56.0936 0x1644  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:43:56.0941 0x1644  AmdK8 - ok
17:43:56.0969 0x1644  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:43:56.0972 0x1644  AmdPPM - ok
17:43:57.0064 0x1644  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:43:57.0072 0x1644  amdsata - ok
17:43:57.0223 0x1644  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:43:57.0234 0x1644  amdsbs - ok
17:43:57.0334 0x1644  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:43:57.0338 0x1644  amdxata - ok
17:43:57.0547 0x1644  [ 391887990CDAA83DE5C56C3FDE966DA1, BC55E21E03B3FE7BBDBB13D56AADB8FBA74F58521AC73B105AD9788E7AE18F0B ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
17:43:57.0589 0x1644  AmUStor - ok
17:43:57.0755 0x1644  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
17:43:57.0790 0x1644  AppID - ok
17:43:57.0898 0x1644  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:43:57.0953 0x1644  AppIDSvc - ok
17:43:58.0322 0x1644  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
17:43:58.0327 0x1644  Appinfo - ok
17:43:58.0649 0x1644  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:43:58.0655 0x1644  arc - ok
17:43:58.0751 0x1644  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:43:58.0757 0x1644  arcsas - ok
17:43:58.0877 0x1644  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:43:58.0879 0x1644  AsyncMac - ok
17:43:58.0994 0x1644  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:43:58.0997 0x1644  atapi - ok
17:43:59.0323 0x1644  [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:43:59.0432 0x1644  athr - ok
17:43:59.0977 0x1644  [ 36322190763845975E0D001E90687BF2, EA3DB2D112015CA5C744C5A84CDEFF6D02CE7D0E7E6E141AE3E527C2FAB5600E ] athur           C:\Windows\system32\DRIVERS\athurx.sys
17:44:00.0123 0x1644  athur - ok
17:44:00.0503 0x1644  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:44:00.0552 0x1644  AudioEndpointBuilder - ok
17:44:00.0981 0x1644  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:44:01.0000 0x1644  AudioSrv - ok
17:44:02.0490 0x1644  [ 4DB93F4DB7077801D2D82013506AC1D0, 3D71655D1557021D5D828E37EAFDBA35C631061E48D64B9D376746F8FCC760B3 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
17:44:02.0712 0x1644  AVGIDSAgent - ok
17:44:02.0871 0x1644  [ 241C32E942869FD1351CC5864976C3AC, 5479FFFC242500E212BA365CF05745EA5E57854115060638218285FF722276BD ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:44:02.0883 0x1644  AVGIDSDriver - ok
17:44:03.0123 0x1644  [ C8D9EEACF266512C1FA52E2ECF5AD944, 01972886F4324C55BE4450F2E18F263FBF0BE7525A9390714216E6C7A1827B1D ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
17:44:03.0130 0x1644  AVGIDSHA - ok
17:44:03.0325 0x1644  [ FACD18A89FDEBC35C85CAF762B294BE2, FD6EBE87ACA6CC017AB7ED886B2BC13CA05BDA38E4B7E8A63F33EF7E5C755BB8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
17:44:03.0338 0x1644  Avgldx64 - ok
17:44:03.0778 0x1644  [ 29FCDEAC6086FB7E55344B51E35D99CE, 06408D79DF92B8A31DE0CA518BD93CA211D3192496CA3783762F289549F8F615 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
17:44:03.0932 0x1644  Avgloga - ok
17:44:04.0050 0x1644  [ 85053293DCDE19829E8691A9E9E8A6FF, 1F115376DCF888C0ED928D5E7150CC4602510FDA785DE76912D415366D8D7393 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
17:44:04.0058 0x1644  Avgmfx64 - ok
17:44:04.0321 0x1644  [ 4494718783294ECFFBA7E89D82BAE6E1, 416D9F0B16B179502E1B1D59BC0948ACA00B9E00EE4A1D816E0E99AC72193A01 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
17:44:04.0325 0x1644  Avgrkx64 - ok
17:44:04.0491 0x1644  [ 69BD90E337625F96C718CACE7A9C9E29, 586948D6715ACB845D58BB5A73B8E5DA96A5415BC67D0508054F03D9A5C21768 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
17:44:04.0505 0x1644  Avgtdia - ok
17:44:04.0670 0x1644  [ 48939D9F350AEF9370F03A1E49A49BE2, 889FC07FE2DC4262055F37F8EEFFE15D5F12615FF797951BE445B42152076327 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
17:44:04.0859 0x1644  avgwd - ok
17:44:05.0085 0x1644  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:44:05.0092 0x1644  AxInstSV - ok
17:44:05.0355 0x1644  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:44:05.0383 0x1644  b06bdrv - ok
17:44:05.0479 0x1644  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:44:05.0490 0x1644  b57nd60a - ok
17:44:05.0874 0x1644  [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
17:44:05.0979 0x1644  BCM43XX - ok
17:44:06.0169 0x1644  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:44:06.0176 0x1644  BDESVC - ok
17:44:06.0310 0x1644  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:44:06.0312 0x1644  Beep - ok
17:44:06.0936 0x1644  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
17:44:07.0038 0x1644  BFE - ok
17:44:07.0422 0x1644  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
17:44:07.0449 0x1644  BITS - ok
17:44:07.0554 0x1644  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:44:07.0558 0x1644  blbdrive - ok
17:44:07.0737 0x1644  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:44:07.0904 0x1644  bowser - ok
17:44:08.0108 0x1644  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:44:08.0112 0x1644  BrFiltLo - ok
17:44:08.0155 0x1644  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:44:08.0156 0x1644  BrFiltUp - ok
17:44:08.0376 0x1644  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:44:08.0383 0x1644  BridgeMP - ok
17:44:08.0596 0x1644  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
17:44:08.0627 0x1644  Browser - ok
17:44:08.0711 0x1644  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:44:08.0724 0x1644  Brserid - ok
17:44:08.0843 0x1644  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:44:08.0849 0x1644  BrSerWdm - ok
17:44:08.0907 0x1644  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:44:08.0909 0x1644  BrUsbMdm - ok
17:44:09.0004 0x1644  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:44:09.0007 0x1644  BrUsbSer - ok
17:44:09.0275 0x1644  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:44:09.0280 0x1644  BTHMODEM - ok
17:44:09.0426 0x1644  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
17:44:09.0432 0x1644  bthserv - ok
17:44:09.0630 0x1644  catchme - ok
17:44:09.0890 0x1644  [ D1787E11C6A0078DDEAF8CF3EE2AB293, 15362A48EFF3DDD6C6D9B333CB7F5FE835B60A256B29467AD749DCFAC6C761D3 ] CAXHWAZL        C:\Windows\system32\DRIVERS\CAXHWAZL.sys
17:44:09.0907 0x1644  CAXHWAZL - ok
17:44:10.0030 0x1644  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:44:10.0036 0x1644  cdfs - ok
17:44:10.0211 0x1644  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
17:44:10.0221 0x1644  cdrom - ok
17:44:10.0381 0x1644  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:44:10.0387 0x1644  CertPropSvc - ok
17:44:10.0499 0x1644  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:44:10.0504 0x1644  circlass - ok
17:44:10.0750 0x1644  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
17:44:10.0772 0x1644  CLFS - ok
17:44:11.0146 0x1644  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:44:11.0435 0x1644  clr_optimization_v2.0.50727_32 - ok
17:44:11.0924 0x1644  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:44:11.0931 0x1644  clr_optimization_v2.0.50727_64 - ok
17:44:12.0251 0x1644  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:44:12.0673 0x1644  clr_optimization_v4.0.30319_32 - ok
17:44:13.0191 0x1644  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:44:13.0199 0x1644  clr_optimization_v4.0.30319_64 - ok
17:44:13.0289 0x1644  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:44:13.0292 0x1644  CmBatt - ok
17:44:13.0350 0x1644  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:44:13.0353 0x1644  cmdide - ok
17:44:13.0671 0x1644  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
17:44:13.0697 0x1644  CNG - ok
17:44:13.0788 0x1644  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:44:13.0792 0x1644  Compbatt - ok
17:44:13.0925 0x1644  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:44:13.0928 0x1644  CompositeBus - ok
17:44:13.0962 0x1644  COMSysApp - ok
17:44:14.0027 0x1644  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:44:14.0030 0x1644  crcdisk - ok
17:44:14.0181 0x1644  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:44:14.0191 0x1644  CryptSvc - ok
17:44:14.0684 0x1644  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:44:14.0752 0x1644  cvhsvc - ok
17:44:15.0095 0x1644  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:44:15.0114 0x1644  DcomLaunch - ok
17:44:15.0329 0x1644  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:44:15.0346 0x1644  defragsvc - ok
17:44:15.0421 0x1644  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:44:15.0428 0x1644  DfsC - ok
17:44:15.0572 0x1644  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:44:15.0587 0x1644  Dhcp - ok
17:44:15.0679 0x1644  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
17:44:15.0682 0x1644  discache - ok
17:44:15.0823 0x1644  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:44:15.0829 0x1644  Disk - ok
17:44:16.0201 0x1644  [ D5BCB77BE83CF99F508943945D46343D, 00C5624CE970A05075A19168643BF6E8FA60C764333ECEC088D7FFCA10547833 ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
17:44:16.0212 0x1644  DKbFltr - ok
17:44:16.0351 0x1644  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:44:16.0362 0x1644  Dnscache - ok
17:44:16.0538 0x1644  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:44:16.0556 0x1644  dot3svc - ok
17:44:16.0730 0x1644  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
17:44:16.0740 0x1644  DPS - ok
17:44:16.0843 0x1644  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:44:16.0845 0x1644  drmkaud - ok
17:44:17.0219 0x1644  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:44:17.0273 0x1644  DXGKrnl - ok
17:44:17.0370 0x1644  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
17:44:17.0377 0x1644  EapHost - ok
17:44:18.0674 0x1644  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:44:18.0876 0x1644  ebdrv - ok
17:44:18.0929 0x1644  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
17:44:18.0933 0x1644  EFS - ok
17:44:19.0428 0x1644  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:44:19.0570 0x1644  ehRecvr - ok
17:44:19.0648 0x1644  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
17:44:19.0657 0x1644  ehSched - ok
17:44:19.0907 0x1644  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:44:20.0027 0x1644  elxstor - ok
17:44:20.0601 0x1644  [ D3FA244EF742B359093F8596011CB815, 98FE79170BDD2AB2B50A1E1361AAB9821C26BAE15388476D93DD0C05BB731A91 ] ePowerSvc       C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
17:44:20.0756 0x1644  ePowerSvc - ok
17:44:20.0833 0x1644  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:44:20.0836 0x1644  ErrDev - ok
17:44:21.0077 0x1644  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
17:44:21.0090 0x1644  EventSystem - ok
17:44:21.0300 0x1644  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:44:21.0313 0x1644  exfat - ok
17:44:21.0400 0x1644  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:44:21.0413 0x1644  fastfat - ok
17:44:21.0537 0x1644  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
17:44:21.0632 0x1644  Fax - ok
17:44:21.0765 0x1644  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:44:21.0799 0x1644  fdc - ok
17:44:21.0876 0x1644  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
17:44:21.0878 0x1644  fdPHost - ok
17:44:21.0953 0x1644  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:44:21.0957 0x1644  FDResPub - ok
17:44:21.0997 0x1644  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:44:22.0001 0x1644  FileInfo - ok
17:44:22.0032 0x1644  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:44:22.0035 0x1644  Filetrace - ok
17:44:22.0134 0x1644  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:44:22.0138 0x1644  flpydisk - ok
17:44:22.0290 0x1644  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:44:22.0312 0x1644  FltMgr - ok
17:44:22.0823 0x1644  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
17:44:22.0907 0x1644  FontCache - ok
17:44:23.0060 0x1644  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:44:23.0065 0x1644  FontCache3.0.0.0 - ok
17:44:23.0135 0x1644  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:44:23.0138 0x1644  FsDepends - ok
17:44:23.0245 0x1644  [ 07DA62C960DDCCC2D35836AEAB4FC578, C67A29E928AF59BF7FB573FAC2176C5598F595406AA90DDB4A364A15BC89A6C4 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:44:23.0249 0x1644  fssfltr - ok
17:44:23.0886 0x1644  [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:44:24.0717 0x1644  fsssvc - ok
17:44:24.0777 0x1644  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:44:24.0780 0x1644  Fs_Rec - ok
17:44:25.0024 0x1644  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:44:25.0037 0x1644  fvevol - ok
17:44:25.0098 0x1644  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:44:25.0105 0x1644  gagp30kx - ok
17:44:25.0394 0x1644  [ CE16683CFD11FE70BDE435DDA5EA1FCA, 43D850361F2B5C9389F7FABC3C62BD1517349C03834F436579DD01CFD09919F4 ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
17:44:25.0472 0x1644  GameConsoleService - ok
17:44:25.0850 0x1644  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:44:25.0906 0x1644  gpsvc - ok
17:44:26.0188 0x1644  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService     C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
17:44:26.0203 0x1644  GREGService - ok
17:44:26.0286 0x1644  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:44:26.0288 0x1644  hcw85cir - ok
17:44:26.0457 0x1644  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:44:26.0476 0x1644  HdAudAddService - ok
17:44:26.0587 0x1644  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:44:26.0595 0x1644  HDAudBus - ok
17:44:26.0846 0x1644  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
17:44:26.0851 0x1644  HECIx64 - ok
17:44:26.0915 0x1644  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:44:26.0918 0x1644  HidBatt - ok
17:44:26.0961 0x1644  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:44:26.0968 0x1644  HidBth - ok
17:44:27.0070 0x1644  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:44:27.0075 0x1644  HidIr - ok
17:44:27.0137 0x1644  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
17:44:27.0154 0x1644  hidserv - ok
17:44:27.0307 0x1644  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:44:27.0344 0x1644  HidUsb - ok
17:44:27.0401 0x1644  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:44:27.0428 0x1644  hkmsvc - ok
17:44:27.0654 0x1644  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:44:27.0667 0x1644  HomeGroupListener - ok
17:44:27.0804 0x1644  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:44:27.0817 0x1644  HomeGroupProvider - ok
17:44:27.0888 0x1644  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:44:27.0894 0x1644  HpSAMD - ok
17:44:28.0129 0x1644  [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
17:44:28.0216 0x1644  HsfXAudioService - ok
17:44:28.0311 0x1644  [ 26C5D00321937E49B6BC91029947D094, 610BBA49EAB5926FBC4B7990A64A8C3E5B7634CB25A39FC4D9104DD60FA3451A ] HSF_DPV         C:\Windows\system32\DRIVERS\CAX_DPV.sys
17:44:28.0432 0x1644  HSF_DPV - ok
17:44:28.0819 0x1644  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:44:28.0992 0x1644  HTTP - ok
17:44:29.0042 0x1644  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:44:29.0043 0x1644  hwpolicy - ok
17:44:29.0182 0x1644  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:44:29.0189 0x1644  i8042prt - ok
17:44:29.0448 0x1644  [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:44:29.0475 0x1644  iaStor - ok
17:44:29.0568 0x1644  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:44:29.0584 0x1644  iaStorV - ok
17:44:29.0755 0x1644  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:44:29.0925 0x1644  idsvc - ok
17:44:32.0261 0x1644  [ 2835C0808BA40FA8BC141E6015EB2414, DA79F820E3FF11812BE6467CEE0934060E9DDE2F188550B55B4D95BB882F9DFE ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:44:32.0589 0x1644  igfx - ok
17:44:32.0677 0x1644  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:44:32.0680 0x1644  iirsp - ok
17:44:32.0961 0x1644  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:44:32.0986 0x1644  IKEEXT - ok
17:44:33.0098 0x1644  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
17:44:33.0126 0x1644  Impcd - ok
17:44:33.0715 0x1644  [ 42943BB3AB7A405B30EFF7C8283CC129, B914B5610565B794BE28664DE605C5726A0587F15034A026509885771C63B0D5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:44:33.0785 0x1644  IntcAzAudAddService - ok
17:44:34.0025 0x1644  [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
17:44:34.0060 0x1644  IntcDAud - ok
17:44:34.0120 0x1644  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:44:34.0122 0x1644  intelide - ok
17:44:34.0255 0x1644  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:44:34.0257 0x1644  intelppm - ok
17:44:34.0326 0x1644  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:44:34.0341 0x1644  IPBusEnum - ok
17:44:34.0383 0x1644  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:44:34.0386 0x1644  IpFilterDriver - ok
17:44:34.0586 0x1644  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:44:34.0607 0x1644  iphlpsvc - ok
17:44:34.0638 0x1644  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:44:34.0643 0x1644  IPMIDRV - ok
17:44:34.0756 0x1644  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:44:34.0764 0x1644  IPNAT - ok
17:44:34.0881 0x1644  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:44:34.0884 0x1644  IRENUM - ok
17:44:34.0960 0x1644  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:44:34.0963 0x1644  isapnp - ok
17:44:35.0119 0x1644  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:44:35.0137 0x1644  iScsiPrt - ok
17:44:35.0422 0x1644  [ 12E27942DBB7C91880163634B0D8A776, DEE56DB8993A915E8FC32F9F50FAEED591799B0694655926C4F260EBFB99FC7E ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
17:44:35.0446 0x1644  k57nd60a - ok
17:44:35.0535 0x1644  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:44:35.0545 0x1644  kbdclass - ok
17:44:35.0622 0x1644  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:44:35.0624 0x1644  kbdhid - ok
17:44:35.0650 0x1644  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
17:44:35.0653 0x1644  KeyIso - ok
17:44:35.0744 0x1644  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:44:35.0795 0x1644  KSecDD - ok
17:44:36.0080 0x1644  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:44:36.0088 0x1644  KSecPkg - ok
17:44:36.0214 0x1644  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:44:36.0216 0x1644  ksthunk - ok
17:44:36.0438 0x1644  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:44:36.0478 0x1644  KtmRm - ok
17:44:36.0783 0x1644  [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
17:44:36.0787 0x1644  L1E - ok
17:44:36.0918 0x1644  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:44:36.0934 0x1644  LanmanServer - ok
17:44:37.0039 0x1644  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:44:37.0048 0x1644  LanmanWorkstation - ok
17:44:37.0163 0x1644  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:44:37.0168 0x1644  lltdio - ok
17:44:37.0347 0x1644  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:44:37.0379 0x1644  lltdsvc - ok
17:44:37.0429 0x1644  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:44:37.0431 0x1644  lmhosts - ok
17:44:37.0979 0x1644  [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:44:37.0995 0x1644  LMS - ok
17:44:38.0097 0x1644  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:44:38.0105 0x1644  LSI_FC - ok
17:44:38.0143 0x1644  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:44:38.0150 0x1644  LSI_SAS - ok
17:44:38.0276 0x1644  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:44:38.0281 0x1644  LSI_SAS2 - ok
17:44:38.0348 0x1644  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:44:38.0357 0x1644  LSI_SCSI - ok
17:44:38.0428 0x1644  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:44:38.0433 0x1644  luafv - ok
17:44:38.0710 0x1644  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:44:38.0713 0x1644  MBAMProtector - ok
17:44:39.0146 0x1644  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:44:39.0168 0x1644  MBAMScheduler - ok
17:44:39.0579 0x1644  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:44:39.0610 0x1644  MBAMService - ok
17:44:39.0712 0x1644  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:44:39.0733 0x1644  Mcx2Svc - ok
17:44:39.0844 0x1644  [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:44:39.0873 0x1644  mdmxsdk - ok
17:44:39.0970 0x1644  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:44:39.0975 0x1644  megasas - ok
17:44:40.0132 0x1644  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:44:40.0149 0x1644  MegaSR - ok
17:44:40.0258 0x1644  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
17:44:40.0264 0x1644  MMCSS - ok
17:44:40.0315 0x1644  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
17:44:40.0317 0x1644  Modem - ok
17:44:40.0421 0x1644  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:44:40.0424 0x1644  monitor - ok
17:44:40.0484 0x1644  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
17:44:40.0487 0x1644  mouclass - ok
17:44:40.0646 0x1644  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:44:40.0648 0x1644  mouhid - ok
17:44:40.0758 0x1644  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:44:40.0814 0x1644  mountmgr - ok
17:44:40.0860 0x1644  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:44:40.0870 0x1644  mpio - ok
17:44:41.0306 0x1644  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:44:41.0312 0x1644  mpsdrv - ok
17:44:41.0577 0x1644  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:44:41.0605 0x1644  MpsSvc - ok
17:44:41.0718 0x1644  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:44:41.0773 0x1644  MRxDAV - ok
17:44:42.0030 0x1644  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:44:42.0074 0x1644  mrxsmb - ok
17:44:42.0353 0x1644  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:44:42.0370 0x1644  mrxsmb10 - ok
17:44:42.0424 0x1644  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:44:42.0429 0x1644  mrxsmb20 - ok
17:44:42.0543 0x1644  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:44:42.0550 0x1644  msahci - ok
17:44:42.0646 0x1644  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:44:42.0655 0x1644  msdsm - ok
17:44:42.0737 0x1644  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
17:44:42.0769 0x1644  MSDTC - ok
17:44:42.0835 0x1644  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:44:42.0838 0x1644  Msfs - ok
17:44:42.0886 0x1644  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:44:42.0889 0x1644  mshidkmdf - ok
17:44:42.0941 0x1644  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:44:42.0944 0x1644  msisadrv - ok
17:44:43.0059 0x1644  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:44:43.0083 0x1644  MSiSCSI - ok
17:44:43.0091 0x1644  msiserver - ok
17:44:43.0132 0x1644  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:44:43.0135 0x1644  MSKSSRV - ok
17:44:43.0156 0x1644  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:44:43.0158 0x1644  MSPCLOCK - ok
17:44:43.0225 0x1644  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:44:43.0227 0x1644  MSPQM - ok
17:44:43.0292 0x1644  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:44:43.0304 0x1644  MsRPC - ok
17:44:43.0359 0x1644  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:44:43.0361 0x1644  mssmbios - ok
17:44:43.0445 0x1644  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:44:43.0447 0x1644  MSTEE - ok
17:44:43.0470 0x1644  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:44:43.0473 0x1644  MTConfig - ok
17:44:43.0543 0x1644  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
17:44:43.0584 0x1644  Mup - ok
17:44:43.0898 0x1644  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:44:43.0999 0x1644  napagent - ok
17:44:44.0241 0x1644  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:44:44.0295 0x1644  NativeWifiP - ok
17:44:45.0317 0x1644  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:44:45.0559 0x1644  NDIS - ok
17:44:45.0686 0x1644  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:44:45.0688 0x1644  NdisCap - ok
17:44:46.0060 0x1644  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:44:46.0087 0x1644  NdisTapi - ok
17:44:46.0292 0x1644  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:44:46.0297 0x1644  Ndisuio - ok
17:44:46.0492 0x1644  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:44:46.0503 0x1644  NdisWan - ok
17:44:46.0587 0x1644  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:44:46.0592 0x1644  NDProxy - ok
17:44:47.0238 0x1644  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
17:44:48.0243 0x1644  Nero BackItUp Scheduler 4.0 - ok
17:44:48.0321 0x1644  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:44:48.0323 0x1644  NetBIOS - ok
17:44:48.0641 0x1644  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:44:48.0656 0x1644  NetBT - ok
17:44:48.0761 0x1644  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
17:44:48.0765 0x1644  Netlogon - ok
17:44:48.0930 0x1644  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
17:44:48.0952 0x1644  Netman - ok
17:44:49.0113 0x1644  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
17:44:49.0133 0x1644  netprofm - ok
17:44:49.0171 0x1644  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:44:49.0176 0x1644  NetTcpPortSharing - ok
17:44:49.0250 0x1644  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:44:49.0254 0x1644  nfrd960 - ok
17:44:49.0284 0x1644  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:44:49.0293 0x1644  NlaSvc - ok
17:44:49.0406 0x1644  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:44:49.0410 0x1644  Npfs - ok
17:44:49.0489 0x1644  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
17:44:49.0493 0x1644  nsi - ok
17:44:49.0535 0x1644  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:44:49.0537 0x1644  nsiproxy - ok
17:44:50.0370 0x1644  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:44:50.0437 0x1644  Ntfs - ok
17:44:50.0510 0x1644  [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
17:44:50.0523 0x1644  NTI IScheduleSvc - ok
17:44:50.0603 0x1644  [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
17:44:50.0606 0x1644  NTIDrvr - ok
17:44:50.0649 0x1644  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
17:44:50.0651 0x1644  Null - ok
17:44:50.0794 0x1644  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:44:50.0804 0x1644  nvraid - ok
17:44:50.0882 0x1644  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:44:50.0893 0x1644  nvstor - ok
17:44:50.0969 0x1644  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:44:50.0978 0x1644  nv_agp - ok
17:44:51.0034 0x1644  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:44:51.0040 0x1644  ohci1394 - ok
17:44:51.0260 0x1644  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:44:51.0300 0x1644  ose - ok
17:44:52.0542 0x1644  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:44:56.0620 0x1644  osppsvc - ok
17:44:56.0856 0x1644  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:44:56.0872 0x1644  p2pimsvc - ok
17:44:57.0104 0x1644  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
17:44:57.0119 0x1644  p2psvc - ok
17:44:57.0196 0x1644  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:44:57.0203 0x1644  Parport - ok
17:44:57.0285 0x1644  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:44:57.0292 0x1644  partmgr - ok
17:44:57.0406 0x1644  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:44:57.0416 0x1644  PcaSvc - ok
17:44:57.0514 0x1644  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
17:44:57.0525 0x1644  pci - ok
17:44:57.0664 0x1644  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:44:57.0667 0x1644  pciide - ok
17:44:57.0733 0x1644  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:44:57.0740 0x1644  pcmcia - ok
17:44:57.0785 0x1644  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:44:57.0787 0x1644  pcw - ok
17:44:58.0217 0x1644  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:44:58.0269 0x1644  PEAUTH - ok
17:44:58.0325 0x1644  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:44:58.0335 0x1644  PerfHost - ok
17:44:58.0536 0x1644  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
17:44:58.0593 0x1644  pla - ok
17:44:58.0695 0x1644  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:44:58.0708 0x1644  PlugPlay - ok
17:44:58.0728 0x1644  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:44:58.0737 0x1644  PNRPAutoReg - ok
17:44:58.0803 0x1644  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:44:58.0811 0x1644  PNRPsvc - ok
17:44:58.0925 0x1644  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:44:58.0942 0x1644  PolicyAgent - ok
17:44:58.0983 0x1644  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
17:44:58.0989 0x1644  Power - ok
17:44:59.0035 0x1644  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:44:59.0040 0x1644  PptpMiniport - ok
17:44:59.0071 0x1644  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:44:59.0074 0x1644  Processor - ok
17:44:59.0153 0x1644  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:44:59.0162 0x1644  ProfSvc - ok
17:44:59.0182 0x1644  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
17:44:59.0184 0x1644  ProtectedStorage - ok
17:44:59.0270 0x1644  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:44:59.0274 0x1644  Psched - ok
17:44:59.0349 0x1644  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:44:59.0416 0x1644  ql2300 - ok
17:44:59.0479 0x1644  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:44:59.0509 0x1644  ql40xx - ok
17:44:59.0570 0x1644  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
17:44:59.0602 0x1644  QWAVE - ok
17:44:59.0668 0x1644  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:44:59.0670 0x1644  QWAVEdrv - ok
17:44:59.0701 0x1644  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:44:59.0703 0x1644  RasAcd - ok
17:44:59.0797 0x1644  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:44:59.0799 0x1644  RasAgileVpn - ok
17:44:59.0835 0x1644  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
17:44:59.0846 0x1644  RasAuto - ok
17:44:59.0895 0x1644  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:44:59.0900 0x1644  Rasl2tp - ok
17:45:00.0046 0x1644  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
17:45:00.0099 0x1644  RasMan - ok
17:45:00.0194 0x1644  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:45:00.0197 0x1644  RasPppoe - ok
17:45:00.0239 0x1644  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:45:00.0242 0x1644  RasSstp - ok
17:45:00.0328 0x1644  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:45:00.0337 0x1644  rdbss - ok
17:45:00.0384 0x1644  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:45:00.0386 0x1644  rdpbus - ok
17:45:00.0422 0x1644  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:45:00.0423 0x1644  RDPCDD - ok
17:45:00.0459 0x1644  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:45:00.0460 0x1644  RDPENCDD - ok
17:45:00.0478 0x1644  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:45:00.0479 0x1644  RDPREFMP - ok
17:45:00.0573 0x1644  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:45:00.0580 0x1644  RDPWD - ok
17:45:00.0634 0x1644  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:45:00.0641 0x1644  rdyboost - ok
17:45:00.0677 0x1644  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:45:00.0691 0x1644  RemoteAccess - ok
17:45:00.0726 0x1644  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:45:00.0759 0x1644  RemoteRegistry - ok
17:45:00.0805 0x1644  RimUsb - ok
17:45:00.0829 0x1644  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:45:00.0832 0x1644  RpcEptMapper - ok
17:45:00.0865 0x1644  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
17:45:00.0872 0x1644  RpcLocator - ok
17:45:00.0923 0x1644  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
17:45:00.0936 0x1644  RpcSs - ok
17:45:00.0995 0x1644  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:45:01.0017 0x1644  rspndr - ok
17:45:01.0038 0x1644  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\Windows\system32\lsass.exe
17:45:01.0040 0x1644  SamSs - ok
17:45:01.0080 0x1644  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:45:01.0084 0x1644  sbp2port - ok
17:45:01.0268 0x1644  [ 794D4B48DFB6E999537C7C3947863463, 93DA8AA20D6B02A3360E7F56150F126E75266E9372E6409D42B89DA588EF49C3 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:45:01.0298 0x1644  SBSDWSCService - ok
17:45:01.0359 0x1644  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:45:01.0372 0x1644  SCardSvr - ok
17:45:01.0445 0x1644  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:45:01.0447 0x1644  scfilter - ok
17:45:01.0556 0x1644  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
17:45:01.0642 0x1644  Schedule - ok
17:45:01.0676 0x1644  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:45:01.0678 0x1644  SCPolicySvc - ok
17:45:01.0798 0x1644  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:45:01.0887 0x1644  SDRSVC - ok
17:45:02.0145 0x1644  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:45:02.0147 0x1644  secdrv - ok
17:45:02.0207 0x1644  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
17:45:02.0213 0x1644  seclogon - ok
17:45:02.0249 0x1644  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
17:45:02.0253 0x1644  SENS - ok
17:45:02.0282 0x1644  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:45:02.0291 0x1644  SensrSvc - ok
17:45:02.0353 0x1644  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:45:02.0356 0x1644  Serenum - ok
17:45:02.0451 0x1644  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:45:02.0458 0x1644  Serial - ok
17:45:02.0521 0x1644  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:45:02.0525 0x1644  sermouse - ok
17:45:02.0578 0x1644  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
17:45:02.0593 0x1644  SessionEnv - ok
17:45:02.0631 0x1644  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:45:02.0633 0x1644  sffdisk - ok
17:45:02.0661 0x1644  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:45:02.0663 0x1644  sffp_mmc - ok
17:45:02.0698 0x1644  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:45:02.0700 0x1644  sffp_sd - ok
17:45:02.0748 0x1644  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:45:02.0751 0x1644  sfloppy - ok
17:45:03.0016 0x1644  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
17:45:03.0038 0x1644  Sftfs - ok
17:45:03.0215 0x1644  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:45:03.0231 0x1644  sftlist - ok
17:45:03.0328 0x1644  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:45:03.0336 0x1644  Sftplay - ok
17:45:03.0376 0x1644  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:45:03.0377 0x1644  Sftredir - ok
17:45:03.0383 0x1644  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
17:45:03.0384 0x1644  Sftvol - ok
17:45:03.0430 0x1644  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:45:03.0436 0x1644  sftvsa - ok
17:45:03.0492 0x1644  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:45:03.0503 0x1644  SharedAccess - ok
17:45:03.0728 0x1644  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:45:03.0783 0x1644  ShellHWDetection - ok
17:45:03.0904 0x1644  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:45:04.0060 0x1644  SiSRaid2 - ok
17:45:04.0135 0x1644  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:45:04.0139 0x1644  SiSRaid4 - ok
17:45:04.0204 0x1644  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:45:04.0208 0x1644  Smb - ok
17:45:04.0268 0x1644  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:45:04.0270 0x1644  SNMPTRAP - ok
17:45:04.0321 0x1644  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:45:04.0323 0x1644  spldr - ok
17:45:04.0428 0x1644  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
17:45:04.0444 0x1644  Spooler - ok
17:45:04.0961 0x1644  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:45:05.0131 0x1644  sppsvc - ok
17:45:05.0188 0x1644  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:45:05.0204 0x1644  sppuinotify - ok
17:45:05.0335 0x1644  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:45:05.0348 0x1644  srv - ok
17:45:05.0411 0x1644  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:45:05.0423 0x1644  srv2 - ok
17:45:05.0520 0x1644  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:45:05.0553 0x1644  SrvHsfHDA - ok
17:45:05.0674 0x1644  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:45:05.0748 0x1644  SrvHsfV92 - ok
17:45:06.0047 0x1644  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:45:06.0099 0x1644  SrvHsfWinac - ok
17:45:06.0251 0x1644  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:45:06.0256 0x1644  srvnet - ok
17:45:06.0349 0x1644  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:45:06.0355 0x1644  SSDPSRV - ok
17:45:06.0387 0x1644  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:45:06.0392 0x1644  SstpSvc - ok
17:45:06.0431 0x1644  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:45:06.0433 0x1644  stexstor - ok
17:45:06.0506 0x1644  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
17:45:06.0540 0x1644  stisvc - ok
17:45:06.0635 0x1644  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:45:06.0638 0x1644  swenum - ok
17:45:06.0965 0x1644  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
17:45:06.0992 0x1644  swprv - ok
17:45:07.0093 0x1644  [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:45:07.0103 0x1644  SynTP - ok
17:45:07.0463 0x1644  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
17:45:07.0565 0x1644  SysMain - ok
17:45:07.0723 0x1644  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:45:07.0766 0x1644  TabletInputService - ok
17:45:07.0870 0x1644  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:45:07.0938 0x1644  TapiSrv - ok
17:45:08.0133 0x1644  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
17:45:08.0151 0x1644  TBS - ok
17:45:08.0478 0x1644  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:45:08.0595 0x1644  Tcpip - ok
17:45:08.0704 0x1644  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:45:08.0747 0x1644  TCPIP6 - ok
17:45:08.0868 0x1644  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:45:08.0870 0x1644  tcpipreg - ok
17:45:08.0912 0x1644  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:45:08.0914 0x1644  TDPIPE - ok
17:45:08.0957 0x1644  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:45:08.0959 0x1644  TDTCP - ok
17:45:09.0020 0x1644  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:45:09.0024 0x1644  tdx - ok
17:45:09.0072 0x1644  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:45:09.0075 0x1644  TermDD - ok
17:45:09.0323 0x1644  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
17:45:09.0487 0x1644  TermService - ok
17:45:09.0737 0x1644  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
17:45:10.0348 0x1644  Themes - ok
17:45:10.0524 0x1644  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
17:45:10.0560 0x1644  THREADORDER - ok
17:45:10.0757 0x1644  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
17:45:10.0797 0x1644  TrkWks - ok
17:45:11.0358 0x1644  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:45:11.0369 0x1644  TrustedInstaller - ok
17:45:11.0503 0x1644  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:45:11.0533 0x1644  tssecsrv - ok
17:45:11.0813 0x1644  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:45:11.0818 0x1644  TsUsbFlt - ok
17:45:12.0860 0x1644  [ 1D43BF1698B88B6758F20F4B4C40C37B, 17EFA195FC2E3D6FD3FB05C7593F3BE639DCEA65A5AAF63FB35C31F53A72EF95 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
17:45:13.0009 0x1644  TuneUp.UtilitiesSvc - ok
17:45:13.0227 0x1644  [ 7BC3381C0713F613B31ACDE38B71CB53, 275A6CB6A6157270C35FD7D6213D0D99030AEE5AE852E0D929CBE879C63FAB2F ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
17:45:13.0229 0x1644  TuneUpUtilitiesDrv - ok
17:45:13.0393 0x1644  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:45:13.0400 0x1644  tunnel - ok
17:45:13.0600 0x1644  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:45:13.0606 0x1644  uagp35 - ok
17:45:13.0649 0x1644  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
17:45:13.0652 0x1644  UBHelper - ok
17:45:14.0483 0x1644  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:45:14.0494 0x1644  udfs - ok
17:45:14.0541 0x1644  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:45:14.0555 0x1644  UI0Detect - ok
17:45:14.0598 0x1644  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:45:14.0600 0x1644  uliagpkx - ok
17:45:14.0747 0x1644  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
17:45:14.0752 0x1644  umbus - ok
17:45:14.0841 0x1644  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:45:14.0843 0x1644  UmPass - ok
17:45:17.0200 0x1644  [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:45:17.0331 0x1644  UNS - ok
17:45:17.0650 0x1644  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
17:45:17.0657 0x1644  Updater Service - ok
17:45:18.0249 0x1644  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
17:45:18.0282 0x1644  upnphost - ok
17:45:18.0385 0x1644  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:45:18.0389 0x1644  usbaudio - ok
17:45:18.0442 0x1644  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:45:18.0479 0x1644  usbccgp - ok
17:45:18.0602 0x1644  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:45:18.0608 0x1644  usbcir - ok
17:45:18.0653 0x1644  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:45:18.0655 0x1644  usbehci - ok
17:45:18.0756 0x1644  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:45:18.0777 0x1644  usbhub - ok
17:45:19.0008 0x1644  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:45:19.0011 0x1644  usbohci - ok
17:45:19.0135 0x1644  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:45:19.0137 0x1644  usbprint - ok
17:45:19.0388 0x1644  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:45:19.0391 0x1644  usbscan - ok
17:45:19.0497 0x1644  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
17:45:19.0537 0x1644  USBSTOR - ok
17:45:19.0567 0x1644  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:45:19.0570 0x1644  usbuhci - ok
17:45:19.0820 0x1644  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:45:19.0854 0x1644  usbvideo - ok
17:45:20.0232 0x1644  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
17:45:20.0237 0x1644  UxSms - ok
17:45:20.0392 0x1644  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\Windows\system32\lsass.exe
17:45:20.0397 0x1644  VaultSvc - ok
17:45:20.0521 0x1644  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:45:20.0525 0x1644  vdrvroot - ok
17:45:20.0829 0x1644  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
17:45:20.0879 0x1644  vds - ok
17:45:20.0930 0x1644  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:45:20.0932 0x1644  vga - ok
17:45:20.0982 0x1644  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:45:20.0993 0x1644  VgaSave - ok
17:45:21.0068 0x1644  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:45:21.0076 0x1644  vhdmp - ok
17:45:21.0239 0x1644  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:45:21.0241 0x1644  viaide - ok
17:45:21.0284 0x1644  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:45:21.0287 0x1644  volmgr - ok
17:45:21.0430 0x1644  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:45:21.0448 0x1644  volmgrx - ok
17:45:21.0567 0x1644  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:45:21.0585 0x1644  volsnap - ok
17:45:21.0731 0x1644  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:45:21.0743 0x1644  vsmraid - ok
17:45:22.0955 0x1644  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
17:45:23.0210 0x1644  VSS - ok
17:45:23.0226 0x1644  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:45:23.0229 0x1644  vwifibus - ok
17:45:23.0283 0x1644  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:45:23.0287 0x1644  vwififlt - ok
17:45:23.0459 0x1644  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
17:45:23.0520 0x1644  W32Time - ok
17:45:23.0560 0x1644  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:45:23.0562 0x1644  WacomPen - ok
17:45:23.0649 0x1644  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:45:23.0653 0x1644  WANARP - ok
17:45:23.0676 0x1644  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:45:23.0678 0x1644  Wanarpv6 - ok
17:45:24.0499 0x1644  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:45:25.0464 0x1644  WatAdminSvc - ok
17:45:25.0628 0x1644  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
17:45:25.0796 0x1644  wbengine - ok
17:45:26.0242 0x1644  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:45:26.0268 0x1644  WbioSrvc - ok
17:45:26.0338 0x1644  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:45:26.0353 0x1644  wcncsvc - ok
17:45:26.0438 0x1644  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:45:26.0454 0x1644  WcsPlugInService - ok
17:45:26.0519 0x1644  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:45:26.0522 0x1644  Wd - ok
17:45:26.0841 0x1644  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:45:26.0878 0x1644  Wdf01000 - ok
17:45:26.0950 0x1644  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:45:26.0954 0x1644  WdiServiceHost - ok
17:45:26.0961 0x1644  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:45:26.0965 0x1644  WdiSystemHost - ok
17:45:27.0011 0x1644  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
17:45:27.0022 0x1644  WebClient - ok
17:45:27.0053 0x1644  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:45:27.0075 0x1644  Wecsvc - ok
17:45:27.0096 0x1644  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:45:27.0100 0x1644  wercplsupport - ok
17:45:27.0143 0x1644  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:45:27.0169 0x1644  WerSvc - ok
17:45:27.0282 0x1644  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:45:27.0286 0x1644  WfpLwf - ok
17:45:27.0311 0x1644  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:45:27.0315 0x1644  WIMMount - ok
17:45:27.0498 0x1644  [ A6EA7A3FC4B00F48535B506DB1E86EFD, B2A28C0438BA679D760FB8B68289D625CF6204DFF8000A285B5CA68417314F65 ] winachsf        C:\Windows\system32\DRIVERS\CAX_CNXT.sys
17:45:27.0524 0x1644  winachsf - ok
17:45:27.0582 0x1644  WinDefend - ok
17:45:27.0607 0x1644  WinHttpAutoProxySvc - ok
17:45:27.0750 0x1644  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:45:27.0824 0x1644  Winmgmt - ok
17:45:28.0194 0x1644  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:45:28.0291 0x1644  WinRM - ok
17:45:28.0471 0x1644  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:45:28.0474 0x1644  WinUsb - ok
17:45:28.0602 0x1644  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:45:28.0643 0x1644  Wlansvc - ok
17:45:28.0768 0x1644  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:45:28.0796 0x1644  wlcrasvc - ok
17:45:29.0308 0x1644  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:45:29.0441 0x1644  wlidsvc - ok
17:45:29.0533 0x1644  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:45:29.0535 0x1644  WmiAcpi - ok
17:45:29.0580 0x1644  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:45:29.0602 0x1644  wmiApSrv - ok
17:45:29.0670 0x1644  WMPNetworkSvc - ok
17:45:29.0719 0x1644  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:45:29.0734 0x1644  WPCSvc - ok
17:45:29.0965 0x1644  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:45:29.0975 0x1644  WPDBusEnum - ok
17:45:30.0015 0x1644  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:45:30.0016 0x1644  ws2ifsl - ok
17:45:30.0059 0x1644  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
17:45:30.0064 0x1644  wscsvc - ok
17:45:30.0069 0x1644  WSearch - ok
17:45:30.0362 0x1644  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:45:30.0417 0x1644  wuauserv - ok
17:45:30.0489 0x1644  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:45:30.0496 0x1644  WudfPf - ok
17:45:30.0644 0x1644  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:45:30.0650 0x1644  WUDFRd - ok
17:45:30.0685 0x1644  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:45:30.0697 0x1644  wudfsvc - ok
17:45:30.0858 0x1644  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:45:30.0916 0x1644  WwanSvc - ok
17:45:30.0998 0x1644  [ E8F3FA126A06F8E7088F63757112A186, FC742ECA6DD823C5B17A514EC4473F65EE290FA6501370675B3628FD881A1C4B ] XAudio          C:\Windows\system32\DRIVERS\XAudio64.sys
17:45:31.0000 0x1644  XAudio - ok
17:45:31.0074 0x1644  ================ Scan global ===============================
17:45:31.0126 0x1644  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:45:31.0242 0x1644  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:45:31.0277 0x1644  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:45:31.0304 0x1644  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:45:31.0349 0x1644  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:45:31.0360 0x1644  [ Global ] - ok
17:45:31.0360 0x1644  ================ Scan MBR ==================================
17:45:31.0376 0x1644  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:45:32.0058 0x1644  \Device\Harddisk0\DR0 - ok
17:45:32.0059 0x1644  ================ Scan VBR ==================================
17:45:32.0103 0x1644  [ 42DC631EB35AF18B8E818263E8C9C0E6 ] \Device\Harddisk0\DR0\Partition1
17:45:32.0106 0x1644  \Device\Harddisk0\DR0\Partition1 - ok
17:45:32.0136 0x1644  [ 4841B4EFCEC45DD1ADC33111AD70F385 ] \Device\Harddisk0\DR0\Partition2
17:45:32.0139 0x1644  \Device\Harddisk0\DR0\Partition2 - ok
17:45:32.0140 0x1644  Waiting for KSN requests completion. In queue: 185
17:45:33.0140 0x1644  Waiting for KSN requests completion. In queue: 185
17:45:34.0140 0x1644  Waiting for KSN requests completion. In queue: 185
17:45:35.0231 0x1644  AV detected via SS2: AVG AntiVirus Free Edition 2013, C:\Program Files (x86)\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x41000 ( enabled : updated )
17:45:35.0339 0x1644  Win FW state via NFP2: enabled
17:45:37.0880 0x1644  ============================================================
17:45:37.0880 0x1644  Scan finished
17:45:37.0880 0x1644  ============================================================
17:45:37.0903 0x09a8  Detected object count: 0
17:45:37.0903 0x09a8  Actual detected object count: 0


#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:26 PM

Posted 08 November 2013 - 08:34 PM

Hi,

 

Thanks for posting that.  Please run a new scan with ComboFix and post the new log.  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#7 super goku

super goku
  • Topic Starter

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 09 November 2013 - 02:49 AM

ComboFix 13-11-07.01 - Basma 09/11/2013   2:27.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3765.2455 [GMT -5:00]
Running from: c:\users\Basma\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-09 to 2013-11-09  )))))))))))))))))))))))))))))))
.
.
2013-11-09 07:37 . 2013-11-09 07:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-05 22:51 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-11-05 22:51 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-11-05 20:33 . 2013-11-05 20:33 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-05 02:38 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-11-05 02:37 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-05 02:37 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-11-05 02:37 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-11-05 02:37 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-05 02:35 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-11-05 02:35 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-11-05 02:35 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-05 02:35 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-11-05 02:34 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-11-05 02:34 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-11-05 02:34 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-11-05 02:34 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-11-05 02:34 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-11-05 02:34 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-11-05 02:34 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-11-05 02:34 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-11-05 02:32 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2013-11-05 02:32 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2013-11-05 02:32 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2013-11-05 02:32 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2013-11-05 02:32 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2013-11-05 02:32 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-11-05 02:32 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2013-11-05 02:32 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-11-05 02:32 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2013-11-05 02:32 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2013-11-05 02:32 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2013-11-05 02:31 . 2013-07-03 04:40 42496 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-11-05 02:31 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
2013-11-05 02:31 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-11-05 02:31 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2013-11-05 02:31 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
2013-11-05 02:31 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2013-11-05 02:31 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2013-11-05 02:31 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-11-05 02:31 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-11-05 02:31 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-11-05 02:31 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-11-05 02:29 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-11-05 02:29 . 2013-09-14 01:10 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-05 02:29 . 2013-09-08 02:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-05 02:29 . 2013-09-08 02:27 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-11-05 02:29 . 2013-09-08 02:03 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-11-05 02:29 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-11-05 02:17 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-11-05 02:16 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-11-04 02:37 . 2013-11-04 02:37 -------- d-----w- c:\windows\system32\SPReview
2013-11-04 02:36 . 2013-11-04 02:36 -------- d-----w- c:\windows\system32\EventProviders
2013-11-04 01:23 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2013-11-04 01:23 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-11-04 01:23 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2013-11-04 01:23 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-04 01:23 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-11-04 01:23 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2013-11-04 01:23 . 2010-11-20 13:27 1743360 ----a-w- c:\windows\system32\sysmain.dll
2013-11-04 01:23 . 2010-11-20 12:19 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2013-11-04 01:23 . 2010-11-20 12:19 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2013-11-04 01:23 . 2010-11-20 13:27 3650560 ----a-w- c:\windows\system32\MSVidCtl.dll
2013-11-04 01:23 . 2010-11-20 13:27 14633472 ----a-w- c:\windows\system32\wmp.dll
2013-11-04 01:21 . 2010-11-20 13:26 630272 ----a-w- c:\windows\system32\evr.dll
2013-11-04 01:20 . 2010-11-20 13:27 154624 ----a-w- c:\windows\system32\uxlib.dll
2013-11-04 01:19 . 2010-11-20 13:27 10752 ----a-w- c:\windows\system32\riched32.dll
2013-11-04 01:18 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2013-11-04 01:18 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2013-11-04 01:17 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2013-11-04 01:17 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2013-11-03 22:03 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-11-03 22:03 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-11-03 22:03 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-11-03 22:03 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2013-11-03 22:03 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2013-11-03 22:02 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2013-11-03 22:02 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2013-11-02 19:51 . 2013-11-02 19:51 -------- d-----w- c:\users\Basma\AppData\Roaming\iExpert Software
2013-11-02 19:49 . 2013-11-02 20:03 -------- d-----w- c:\program files (x86)\Registry Clean Expert
2013-11-02 19:39 . 2013-11-02 19:39 -------- d-----w- c:\users\Basma\AppData\Roaming\ParetoLogic
2013-11-02 19:39 . 2013-11-02 19:39 -------- d-----w- c:\users\Basma\AppData\Roaming\DriverCure
2013-11-02 19:39 . 2013-11-02 20:18 -------- d-----w- c:\programdata\ParetoLogic
2013-11-02 11:51 . 2013-11-02 11:51 -------- d-----w- c:\programdata\Licenses
2013-11-01 19:35 . 2013-11-01 19:35 -------- d-----w- c:\program files (x86)\Download kEeper
2013-11-01 19:29 . 2013-11-01 19:29 -------- d-----w- c:\programdata\WinterSoft
2013-11-01 19:29 . 2013-11-01 19:35 -------- d-----w- c:\programdata\YoutubeMP3Extension
2013-11-01 19:29 . 2013-11-02 11:18 -------- d-----w- c:\program files (x86)\YoutubeMP3Extension
2013-11-01 19:29 . 2013-11-02 11:18 -------- d-----w- c:\program files (x86)\SearchNewTab
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\program files (x86)\ss helper
2013-11-01 19:28 . 2013-11-02 11:18 -------- d-----w- c:\programdata\39b559e409962429
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\programdata\Downuload keepera
2013-11-01 19:28 . 2013-11-01 19:28 -------- d-----w- c:\users\Basma\AppData\Local\Packages
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\program files (x86)\Downuload keepera
2013-11-01 19:28 . 2013-11-01 19:35 -------- d-----w- c:\programdata\InstallMate
2013-10-31 18:28 . 2013-11-02 11:18 -------- d-----w- c:\program files\Uninstaller
2013-10-31 18:21 . 2013-10-31 18:21 -------- d-----w- c:\users\Basma\AppData\Local\CRE
2013-10-31 18:21 . 2013-10-31 18:21 -------- d-----w- c:\users\Basma\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-04 02:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-11-04 02:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-10-10 01:20 . 2012-07-21 07:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 01:20 . 2011-07-09 07:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 23:44 . 2011-04-02 14:18 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 05:43 . 2013-09-05 05:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-08-29 01:48 . 2013-11-05 02:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-28 01:50 . 2013-08-28 01:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-28 01:50 . 2012-09-05 10:11 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-28 01:50 . 2011-11-27 02:14 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler^Registry: HKCU:RUN]
2013-11-02 20:03 601848 ----a-w- c:\program files (x86)\Registry Clean Expert\RCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 01:20]
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155936706-1385735572-1064701117-1000Core.job
- c:\users\Basma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-05 21:28]
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2155936706-1385735572-1064701117-1000UA.job
- c:\users\Basma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-05 21:28]
.
2013-05-02 c:\windows\Tasks\ReclaimerUpdateFiles_Basma.job
- c:\users\Basma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-05-01 02:55]
.
2013-05-02 c:\windows\Tasks\ReclaimerUpdateXML_Basma.job
- c:\users\Basma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-05-01 02:55]
.
2013-05-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Basma.job
- c:\users\Basma\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-05-01 02:55]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-02-26 818720]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-15 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-15 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-15 410136]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-09  02:47:24
ComboFix-quarantined-files.txt  2013-11-09 07:47
ComboFix2.txt  2013-11-02 19:20
.
Pre-Run: 276,653,711,360 bytes free
Post-Run: 276,352,839,680 bytes free
.
- - End Of File - - ED833790BC90BA4EF7A420B15423795D


#8 super goku

super goku
  • Topic Starter

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 09 November 2013 - 07:01 PM

Jeff... Just to let you know. When I put the computer to sleep it will not turn back on... It will shut down and I have to turn it back on

#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:26 PM

Posted 09 November 2013 - 08:32 PM

That ComboFix log looks pretty good.  How is your system behaving??  :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#10 super goku

super goku
  • Topic Starter

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 09 November 2013 - 10:38 PM

Better but still a problem when I place the computer on "sleep". As i try to turn it back on...it will shut down. I then have to press the power button to turn the computer back on.

 

the first time Combofix was run, i think it deleted a file called system32/winini



#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:26 PM

Posted 10 November 2013 - 10:51 AM

No that file being removed is fine.  :)  How long have you been having the problem with the system going to sleep and having to be restarted??  


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#12 super goku

super goku
  • Topic Starter

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 10 November 2013 - 11:00 AM

not sure because i just started putting it on sleep after you started helping me



#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:26 PM

Posted 10 November 2013 - 11:24 AM

not sure because i just started putting it on sleep after you started helping me

Ok let me do some digging around and see what I can come up with.   :)  In the meantime....
 

VBJ9QO9.jpgJava
 
Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:
 
http://java.com/en/download/index.jsp
----------
 
See this page for instructions on how to clear java's cache.
 
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets
      Downloaded Applications
      Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 

GUZVCQN.jpgMalwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:26 PM

Posted 12 November 2013 - 07:41 AM

Still with me?


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#15 super goku

super goku
  • Topic Starter

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 12 November 2013 - 10:55 PM

yes just having problems running the scan...the computer will shut down! trying again






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users