Initialization Error - error code: 0x80073b01 for MS Security Client


  • This topic is locked
20 replies to this topic

#1 baltzj

baltzj

  • Members
  • 14 posts

Posted 08 December 2013 - 01:25 PM

On booting PC, I get an error box with the above message.  Outlook comes up OK but not IE.  I also get that when I attempt to run Microsoft Security Essentials.  How do I correct this issue?

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Baltz at 12:06:42 on 2013-12-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6057.3743 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\ProgramData\WPM\wprotectmanager.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
C:\Program Files (x86)\Mobogenie\mgusb.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: <No Name>: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
uURLSearchHooks: <No Name>: {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Toolbar BHO: {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Toolbar BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Search Assistant BHO: {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Search Assistant BHO: {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
TB: FromDocToPDF: {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
TB: VideoDownloadConverter: {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: FromDocToPDF: {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll
TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [FromDocToPDF EPM Support] "C:\PROGRA~2\FROMDO~2\bar\1.bin\65medint.exe" T8EPMSUP.DLL,S
mRun: [FromDocToPDF_65 Browser Plugin Loader 64] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe
mRun: [VideoDownloadConverter EPM Support] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zmedint.exe" T8EPMSUP.DLL,S
mRun: [VideoDownloadConverter_4z Browser Plugin Loader 64] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
StartupFolder: C:\Users\Baltz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\WINDOWS\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://billhighway.webex.com/client/T27LD/nbr/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslvpn.tyson.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{03DB1383-B319-4973-A330-B884465A5637} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3675BF30-7977-44A4-AC96-365C2B26E489} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
x64-mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
x64-mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
x64-mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [FromDocToPDF Home Page Guard 64 bit] "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe"
x64-Run: [VideoDownloadConverter Home Page Guard 64 bit] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-9 55856]
R1 NEOFLTR_719_20893;Juniper Networks TDI Filter Driver (NEOFLTR_719_20893);C:\Windows\System32\drivers\NEOFLTR_719_20893.SYS [2012-5-28 99152]
R2 FromDocToPDF_65Service;FromDocToPDFService;C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe [2013-12-5 89160]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-9 1692480]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 VideoDownloadConverter_4zService;VideoDownloadConverterService;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-12-6 88648]
R2 Wpm;Wpm Service;C:\ProgramData\WPM\wprotectmanager.exe -service --> C:\ProgramData\WPM\wprotectmanager.exe -service [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-9 317440]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam 600(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-9 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-25 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-08 17:34:29 -------- d-----w- C:\Program Files\McAfee Security Scan
2013-12-08 17:34:25 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5DCC9FD-11B7-4CE9-8D1C-87CD3308B240}\mpengine.dll
2013-12-07 18:18:10 -------- d-----w- C:\Users\Baltz\AppData\Roaming\Optimizer Pro
2013-12-07 18:13:26 -------- d-----w- C:\Users\Baltz\AppData\Local\cache
2013-12-07 18:13:25 -------- d-----w- C:\Users\Baltz\AppData\Local\Mobogenie
2013-12-07 18:13:22 -------- d-----w- C:\ProgramData\WPM
2013-12-07 18:12:24 -------- d-----w- C:\Program Files (x86)\Mobogenie
2013-12-07 18:12:17 -------- d-----w- C:\Program Files (x86)\Mysearchdial
2013-12-07 17:03:32 -------- d-----w- C:\Users\Baltz\AppData\Local\Diagnostics
2013-12-07 15:35:54 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-12-07 15:27:15 -------- d-----w- C:\Program Files\HitmanPro
2013-12-07 15:26:18 -------- d-----w- C:\ProgramData\HitmanPro
2013-12-07 15:21:27 10285968 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-07 02:19:35 -------- d-----w- C:\Users\Baltz\AppData\Local\VideoDownloadConverter_4z
2013-12-07 02:19:28 -------- d-----w- C:\Program Files (x86)\VideoDownloadConverter
2013-12-07 02:19:16 -------- d-----w- C:\Program Files (x86)\VideoDownloadConverter_4z
2013-12-06 13:28:26 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-12-06 13:28:26 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B42B3E71-84D7-4715-AE3D-0575DFEE954C}\gapaengine.dll
2013-12-06 00:24:50 -------- d-----w- C:\Users\Baltz\AppData\Local\IAC
2013-12-06 00:24:49 -------- d-----w- C:\Users\Baltz\AppData\Local\FromDocToPDF_65
2013-12-06 00:24:21 -------- d-----w- C:\Program Files (x86)\FromDocToPDF_65
2013-12-03 22:49:03 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-12-01 04:55:12 -------- d-----w- C:\Windows\Migration
2013-12-01 04:44:56 -------- d-----w- C:\ProgramData\Oracle
2013-12-01 04:44:24 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-01 04:35:48 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-11-25 16:13:00 -------- d-----w- C:\Users\Baltz\AppData\Local\{B2727E6A-80F2-48B2-BA65-974A8A6DE987}
2013-11-25 16:10:38 -------- d-----w- C:\Users\Baltz\AppData\Local\{0917D490-012C-47FA-AF0E-D58A537CEF27}
2013-11-25 16:09:42 -------- d-----w- C:\Users\Baltz\AppData\Local\{18986926-7AB9-4CC5-BE7E-0906EE30580B}
.
==================== Find3M  ====================
.
2013-12-03 22:48:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-03 22:48:58 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 15:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 15:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-12 03:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 03:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 03:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-12 03:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 01:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-12 01:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-12 01:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-12 01:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
.
============= FINISH: 12:07:04.22 ===============


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 08 December 2013 - 01:48 PM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 baltzj

baltzj
  • Topic Starter

  • Members
  • 14 posts

Posted 09 December 2013 - 07:07 PM

  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
    Ran by Baltz (administrator) on OFFICEDESKTOP on 09-12-2013 18:00:02
    Running from C:\Users\Baltz\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
    (COMPANYVERS_NAME) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    ( ) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
    ( ) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (COMPANYVERS_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
    (RealVNC Ltd.) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (VER_COMPANY_NAME) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe
    (VER_COMPANY_NAME) C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe
    () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
    HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [485448 2013-12-05] ( )
    HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [485448 2013-12-06] ( )
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
    HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [FromDocToPDF EPM Support] - "C:\PROGRA~2\FROMDO~2\bar\1.bin\65medint.exe" T8EPMSUP.DLL,S
    HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader 64] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe [71240 2013-12-05] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [VideoDownloadConverter EPM Support] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zmedint.exe" T8EPMSUP.DLL,S
    HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe [71752 2013-12-06] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [747712 2013-12-07] ()
    AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [ ] ()
    Startup: C:\Users\Baltz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
    ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
    URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM-x32 - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^MI0000^us&si=CPPRmcCqmrsCFWRk7AodPnYAuw&ptb=159A4BA7-C9D2-4C9F-992E-EA44649B9997&ind=2013120519&n=77fdc807&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
    Toolbar: HKCU - No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
    Toolbar: HKCU - No Name - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -  No File
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://billhighway.webex.com/client/T27LD/nbr/ieatgpc1.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sslvpn.tyson.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Chrome:
    =======
    CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
    CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX"
    CHR DefaultSearchKeyword: aartemis
    CHR DefaultSearchProvider:       "name": "First user"
    CHR DefaultSearchURL: http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Extension: (Extended Protection) - C:\Users\Baltz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
    CHR Extension: (Skype Click to Call) - C:\Users\Baltz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
    CHR Extension: (Google Wallet) - C:\Users\Baltz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx
    CHR HKLM-x32\...\Chrome\Extension: [ippenodjaoidmkkfdlmdhofiebnpjddb] - C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
    CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://aartemis.com/?type=sc&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX

    ==================== Services (Whitelisted) =================

    R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [89160 2013-12-05] (COMPANYVERS_NAME)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
    R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [88648 2013-12-06] (COMPANYVERS_NAME)
    R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
    R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [499856 2013-12-07] (Cherished Technololgy LIMITED)

    ==================== Drivers (Whitelisted) ====================

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
    R1 NEOFLTR_719_20893; C:\Windows\system32\Drivers\NEOFLTR_719_20893.SYS [99152 2012-05-04] (Juniper Networks)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-12-09 18:00 - 2013-12-09 18:00 - 00016382 _____ C:\Users\Baltz\Downloads\FRST.txt
    2013-12-09 17:59 - 2013-12-09 17:59 - 00000000 ____D C:\FRST
    2013-12-09 17:58 - 2013-12-09 17:59 - 01927982 _____ (Farbar) C:\Users\Baltz\Downloads\FRST64.exe
    2013-12-08 12:07 - 2013-12-08 12:09 - 00021253 _____ C:\Users\Baltz\Desktop\dds.txt
    2013-12-08 12:07 - 2013-12-08 12:09 - 00009183 _____ C:\Users\Baltz\Desktop\attach.txt
    2013-12-08 12:04 - 2013-12-08 12:05 - 00688992 ____R (Swearware) C:\Users\Baltz\Downloads\dds.com
    2013-12-08 11:34 - 2013-12-08 11:34 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-12-07 13:35 - 2013-12-07 13:35 - 00000452 _____ C:\Users\Baltz\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
    2013-12-07 12:18 - 2013-12-07 12:18 - 00000000 ____D C:\Users\Baltz\AppData\Roaming\Optimizer Pro
    2013-12-07 12:13 - 2013-12-09 17:55 - 00002208 _____ C:\Users\Baltz\daemonprocess.txt
    2013-12-07 12:13 - 2013-12-07 12:58 - 00000000 ____D C:\Users\Baltz\AppData\Local\Mobogenie
    2013-12-07 12:13 - 2013-12-07 12:29 - 00000000 ____D C:\Users\Baltz\AppData\Local\cache
    2013-12-07 12:13 - 2013-12-07 12:13 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
    2013-12-07 12:13 - 2013-12-07 12:13 - 00000000 ____D C:\Users\wangzhisong
    2013-12-07 12:13 - 2013-12-07 12:13 - 00000000 ____D C:\Users\Baltz\Documents\Mobogenie
    2013-12-07 12:13 - 2013-12-07 12:13 - 00000000 ____D C:\ProgramData\WPM
    2013-12-07 12:12 - 2013-12-08 12:12 - 00000292 _____ C:\Windows\Tasks\MySearchDial.job
    2013-12-07 12:12 - 2013-12-07 12:40 - 00000000 ____D C:\Program Files (x86)\Mysearchdial
    2013-12-07 12:12 - 2013-12-07 12:29 - 00000000 ____D C:\Program Files (x86)\Mobogenie
    2013-12-07 12:12 - 2013-12-07 12:13 - 00003242 _____ C:\Windows\System32\Tasks\MySearchDial
    2013-12-07 12:12 - 2013-12-07 12:12 - 00351124 _____ C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx
    2013-12-07 12:12 - 2013-12-07 12:12 - 00000000 ____D C:\Users\Baltz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    2013-12-07 12:12 - 2013-12-07 12:09 - 11125072 _____ (Microsoft Corporation) C:\Users\Baltz\Downloads\mseinstall [1].exe
    2013-12-07 10:05 - 2013-12-07 10:05 - 00002706 _____ C:\Users\Baltz\Desktop\RKreport[0]_D_12072013_100522.txt
    2013-12-07 10:00 - 2013-12-07 10:00 - 00002580 _____ C:\Users\Baltz\Desktop\RKreport[0]_S_12072013_100020.txt
    2013-12-07 09:59 - 2013-12-07 10:06 - 00000000 ____D C:\Users\Baltz\Desktop\RK_Quarantine
    2013-12-07 09:52 - 2013-12-07 09:52 - 04101441 _____ C:\Users\Baltz\Desktop\tdsskiller.zip
    2013-12-07 09:51 - 2013-12-07 09:51 - 00000000 ____D C:\Users\Baltz\Downloads\tdsskiller
    2013-12-07 09:48 - 2013-12-07 09:48 - 02218636 _____ C:\Users\Baltz\Desktop\tdsskiller.exe
    2013-12-07 09:41 - 2013-12-07 09:41 - 02218636 _____ C:\Users\Baltz\Downloads\tdsskiller.zip
    2013-12-07 09:37 - 2013-12-07 09:37 - 00075724 _____ C:\Users\Baltz\Desktop\HitmanPro_20131207_0936.log
    2013-12-07 09:35 - 2013-12-07 09:35 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2013-12-07 09:27 - 2013-12-07 09:27 - 00001855 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2013-12-07 09:27 - 2013-12-07 09:27 - 00000000 ____D C:\Program Files\HitmanPro
    2013-12-07 09:26 - 2013-12-07 09:37 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-12-07 09:23 - 2013-12-07 09:23 - 10264904 _____ (SurfRight B.V.) C:\Users\Baltz\Downloads\HitmanPro_x64.exe
    2013-12-06 20:19 - 2013-12-06 20:19 - 00000000 ____D C:\Users\Baltz\AppData\Local\VideoDownloadConverter_4z
    2013-12-06 20:19 - 2013-12-06 20:19 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4z
    2013-12-06 20:19 - 2013-12-06 20:19 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter
    2013-12-05 18:24 - 2013-12-05 18:24 - 00000000 ____D C:\Users\Baltz\AppData\Local\IAC
    2013-12-05 18:24 - 2013-12-05 18:24 - 00000000 ____D C:\Users\Baltz\AppData\Local\FromDocToPDF_65
    2013-12-05 18:24 - 2013-12-05 18:24 - 00000000 ____D C:\Program Files (x86)\FromDocToPDF_65
    2013-12-03 16:49 - 2013-12-08 11:34 - 00001893 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-12-03 16:49 - 2013-12-03 16:49 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2013-11-30 23:02 - 2013-12-08 11:32 - 00002040 _____ C:\Users\Baltz\Desktop\Rkill.txt
    2013-11-30 22:44 - 2013-11-30 22:44 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-11-30 22:44 - 2013-11-30 22:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-11-30 22:44 - 2013-11-30 22:44 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-11-30 22:44 - 2013-11-30 22:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-11-30 22:44 - 2013-11-30 22:44 - 00000000 ____D C:\ProgramData\Oracle
    2013-11-30 22:44 - 2013-11-30 22:44 - 00000000 ____D C:\Program Files (x86)\Java
    2013-11-30 22:35 - 2013-11-30 22:35 - 00000000 ____D C:\Windows\system32\config\NisDrv
    2013-11-30 22:35 - 2013-11-30 22:35 - 00000000 ____D C:\Windows\system32\config\mpfilter
    2013-11-30 22:35 - 2013-11-30 22:35 - 00000000 ____D C:\Windows\system32\config\amd64
    2013-11-30 22:35 - 2013-11-30 22:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-11-30 22:35 - 2013-10-23 18:23 - 00185664 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
    2013-11-30 22:35 - 2013-10-23 17:14 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
    2013-11-30 20:06 - 2013-11-30 20:06 - 00003124 _____ C:\Windows\System32\Tasks\{773119B8-2A21-404A-BF20-A259727C4A18}
    2013-11-25 19:23 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
    2013-11-25 19:21 - 2013-11-25 19:21 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-11-25 19:21 - 2013-11-25 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-11-25 19:21 - 2013-11-25 19:21 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-11-25 19:21 - 2013-11-25 19:21 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-11-25 19:21 - 2013-11-25 19:21 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-11-25 19:21 - 2013-11-25 19:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2013-11-25 19:21 - 2013-11-25 19:21 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2013-11-25 19:21 - 2013-11-25 19:21 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-11-25 19:21 - 2013-11-25 19:21 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2013-11-25 19:21 - 2013-11-25 19:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-11-25 19:21 - 2013-11-25 19:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2013-11-25 19:20 - 2013-11-30 22:53 - 00008504 _____ C:\Windows\IE11_main.log
    2013-11-25 10:13 - 2013-11-25 10:13 - 00000000 ____D C:\Users\Baltz\AppData\Local\{B2727E6A-80F2-48B2-BA65-974A8A6DE987}
    2013-11-25 10:10 - 2013-11-25 10:10 - 00000000 ____D C:\Users\Baltz\AppData\Local\{0917D490-012C-47FA-AF0E-D58A537CEF27}
    2013-11-25 10:09 - 2013-11-25 10:09 - 00000000 ____D C:\Users\Baltz\AppData\Local\{18986926-7AB9-4CC5-BE7E-0906EE30580B}
    2013-11-13 21:07 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2013-11-13 21:07 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2013-11-13 21:07 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2013-11-13 21:07 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2013-11-13 21:07 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2013-11-13 21:07 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2013-11-13 21:07 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-11-13 21:07 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2013-11-13 21:07 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2013-11-13 21:07 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2013-11-13 21:07 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
    2013-11-13 21:07 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-11-13 21:07 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
    2013-11-13 21:07 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2013-11-13 21:07 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2013-11-13 21:07 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2013-11-13 21:07 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2013-11-13 21:07 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2013-11-13 21:07 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2013-11-13 21:07 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2013-11-13 21:07 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2013-11-13 21:07 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2013-11-13 21:07 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2013-11-13 21:07 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2013-11-13 21:07 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2013-11-13 21:07 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-11-13 21:07 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2013-11-13 21:07 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-11-13 21:07 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2013-11-13 21:07 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2013-11-09 16:55 - 2013-11-09 16:55 - 00018457 _____ C:\Users\Baltz\Documents\StoryCorps  Great Questions.txt

    ==================== One Month Modified Files and Folders =======

    2013-12-09 18:00 - 2013-12-09 18:00 - 00016382 _____ C:\Users\Baltz\Downloads\FRST.txt
    2013-12-09 17:59 - 2013-12-09 17:59 - 00000000 ____D C:\FRST
    2013-12-09 17:59 - 2013-12-09 17:58 - 01927982 _____ (Farbar) C:\Users\Baltz\Downloads\FRST64.exe
    2013-12-09 17:57 - 2012-03-12 09:15 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
    2013-12-09 17:55 - 2013-12-07 12:13 - 00002208 _____ C:\Users\Baltz\daemonprocess.txt
    2013-12-09 17:55 - 2012-01-09 07:31 - 01133741 _____ C:\Windows\WindowsUpdate.log
    2013-12-09 17:51 - 2012-03-12 19:28 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-09 17:51 - 2012-03-12 12:58 - 00000000 ____D C:\Users\Baltz\Documents\Outlook Files
    2013-12-09 17:51 - 2012-01-09 06:24 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2013-12-09 17:51 - 2012-01-09 06:24 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2013-12-09 17:51 - 2012-01-09 05:56 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2013-12-09 17:50 - 2012-03-13 12:30 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
    2013-12-09 17:50 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-12-09 17:50 - 2009-07-13 22:51 - 00281555 _____ C:\Windows\setupact.log
    2013-12-09 17:06 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-12-09 17:06 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-12-09 17:03 - 2012-03-12 19:28 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-08 19:05 - 2012-03-12 18:55 - 00000000 ____D C:\Users\Baltz\AppData\Roaming\Skype
    2013-12-08 16:39 - 2012-03-13 15:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
    2013-12-08 16:39 - 2012-03-13 12:30 - 00043225 _____ C:\Windows\system32\lvcoinst.log
    2013-12-08 16:39 - 2012-03-12 09:15 - 00003458 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
    2013-12-08 12:12 - 2013-12-07 12:12 - 00000292 _____ C:\Windows\Tasks\MySearchDial.job
    2013-12-08 12:09 - 2013-12-08 12:07 - 00021253 _____ C:\Users\Baltz\Desktop\dds.txt
    2013-12-08 12:09 - 2013-12-08 12:07 - 00009183 _____ C:\Users\Baltz\Desktop\attach.txt
    2013-12-08 12:05 - 2013-12-08 12:04 - 00688992 ____R (Swearware) C:\Users\Baltz\Downloads\dds.com
    2013-12-08 11:34 - 2013-12-08 11:34 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-12-08 11:34 - 2013-12-03 16:49 - 00001893 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-12-08 11:32 - 2013-11-30 23:02 - 00002040 _____ C:\Users\Baltz\Desktop\Rkill.txt
    2013-12-07 19:58 - 2012-03-12 19:28 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-12-07 19:58 - 2012-03-12 19:28 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-12-07 13:35 - 2013-12-07 13:35 - 00000452 _____ C:\Users\Baltz\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
    2013-12-07 12:58 - 2013-12-07 12:13 - 00000000 ____D C:\Users\Baltz\AppData\Local\Mobogenie
    2013-12-07 12:41 - 2010-11-20 21:47 - 00401368 _____ C:\Windows\PFRO.log
    2013-12-07 12:40 - 2013-12-07 12:12 - 00000000 ____D C:\Program Files (x86)\Mysearchdial
    2013-12-07 12:29 - 2013-12-07 12:13 - 00000000 ____D C:\Users\Baltz\AppData\Local\cache
    2013-12-07 12:29 - 2013-12-07 12:12 - 00000000 ____D C:\Program Files (x86)\Mobogenie
    2013-12-07 12:18 - 2013-12-07 12:18 - 00000000 ____D C:\Users\Baltz\AppData\Roaming\Optimizer Pro
    2013-12-07 12:13 - 2013-12-07 12:13 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
    2013-12-07 12:13 - 2013-12-07 12:13 - 00000000 ____D C:\Users\wangzhisong
    2013-12-07 12:13 - 2013-12-07 12:13 - 00000000 ____D C:\Users\Baltz\Documents\Mobogenie
    2013-12-07 12:13 - 2013-12-07 12:13 - 00000000 ____D C:\ProgramData\WPM
    2013-12-07 12:13 - 2013-12-07 12:12 - 00003242 _____ C:\Windows\System32\Tasks\MySearchDial
    2013-12-07 12:13 - 2012-07-22 11:05 - 00002365 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-12-07 12:13 - 2012-03-12 09:17 - 00001567 _____ C:\Users\Baltz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-12-07 12:13 - 2012-03-12 09:11 - 00000000 ____D C:\Users\Baltz
    2013-12-07 12:13 - 2008-12-22 10:59 - 00001447 _____ C:\Users\Baltz\Desktop\Internet Explorer.lnk
    2013-12-07 12:12 - 2013-12-07 12:12 - 00351124 _____ C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx
    2013-12-07 12:12 - 2013-12-07 12:12 - 00000000 ____D C:\Users\Baltz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    2013-12-07 12:09 - 2013-12-07 12:12 - 11125072 _____ (Microsoft Corporation) C:\Users\Baltz\Downloads\mseinstall [1].exe
    2013-12-07 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-12-07 10:06 - 2013-12-07 09:59 - 00000000 ____D C:\Users\Baltz\Desktop\RK_Quarantine
    2013-12-07 10:05 - 2013-12-07 10:05 - 00002706 _____ C:\Users\Baltz\Desktop\RKreport[0]_D_12072013_100522.txt
    2013-12-07 10:00 - 2013-12-07 10:00 - 00002580 _____ C:\Users\Baltz\Desktop\RKreport[0]_S_12072013_100020.txt
    2013-12-07 09:52 - 2013-12-07 09:52 - 04101441 _____ C:\Users\Baltz\Desktop\tdsskiller.zip
    2013-12-07 09:51 - 2013-12-07 09:51 - 00000000 ____D C:\Users\Baltz\Downloads\tdsskiller
    2013-12-07 09:48 - 2013-12-07 09:48 - 02218636 _____ C:\Users\Baltz\Desktop\tdsskiller.exe
    2013-12-07 09:41 - 2013-12-07 09:41 - 02218636 _____ C:\Users\Baltz\Downloads\tdsskiller.zip
    2013-12-07 09:37 - 2013-12-07 09:37 - 00075724 _____ C:\Users\Baltz\Desktop\HitmanPro_20131207_0936.log
    2013-12-07 09:37 - 2013-12-07 09:26 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-12-07 09:35 - 2013-12-07 09:35 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2013-12-07 09:27 - 2013-12-07 09:27 - 00001855 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2013-12-07 09:27 - 2013-12-07 09:27 - 00000000 ____D C:\Program Files\HitmanPro
    2013-12-07 09:23 - 2013-12-07 09:23 - 10264904 _____ (SurfRight B.V.) C:\Users\Baltz\Downloads\HitmanPro_x64.exe
    2013-12-07 08:11 - 2009-07-13 23:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-12-06 20:19 - 2013-12-06 20:19 - 00000000 ____D C:\Users\Baltz\AppData\Local\VideoDownloadConverter_4z
    2013-12-06 20:19 - 2013-12-06 20:19 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter_4z
    2013-12-06 20:19 - 2013-12-06 20:19 - 00000000 ____D C:\Program Files (x86)\VideoDownloadConverter
    2013-12-05 18:24 - 2013-12-05 18:24 - 00000000 ____D C:\Users\Baltz\AppData\Local\IAC
    2013-12-05 18:24 - 2013-12-05 18:24 - 00000000 ____D C:\Users\Baltz\AppData\Local\FromDocToPDF_65
    2013-12-05 18:24 - 2013-12-05 18:24 - 00000000 ____D C:\Program Files (x86)\FromDocToPDF_65
    2013-12-05 13:54 - 2012-03-12 11:37 - 00001994 ____H C:\Users\Baltz\Documents\Default.rdp
    2013-12-03 16:49 - 2013-12-03 16:49 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2013-12-03 16:49 - 2012-03-12 18:59 - 00000000 ____D C:\Users\Baltz\AppData\Local\Adobe
    2013-12-03 16:48 - 2012-09-05 13:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-12-03 16:48 - 2012-01-09 05:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-12-01 18:00 - 2012-01-09 05:59 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-12-01 18:00 - 2012-01-09 05:58 - 00000000 ____D C:\ProgramData\Skype
    2013-11-30 22:57 - 2009-07-13 23:13 - 00800172 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-11-30 22:56 - 2011-02-10 10:10 - 00778744 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-11-30 22:53 - 2013-11-25 19:20 - 00008504 _____ C:\Windows\IE11_main.log
    2013-11-30 22:53 - 2012-01-09 07:30 - 00000000 ____D C:\Program Files (x86)\Intel
    2013-11-30 22:44 - 2013-11-30 22:44 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-11-30 22:44 - 2013-11-30 22:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-11-30 22:44 - 2013-11-30 22:44 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-11-30 22:44 - 2013-11-30 22:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-11-30 22:44 - 2013-11-30 22:44 - 00000000 ____D C:\ProgramData\Oracle
    2013-11-30 22:44 - 2013-11-30 22:44 - 00000000 ____D C:\Program Files (x86)\Java
    2013-11-30 22:42 - 2012-01-09 06:20 - 00000000 ____D C:\ProgramData\McAfee
    2013-11-30 22:36 - 2012-03-13 08:18 - 00001945 _____ C:\Windows\epplauncher.mif
    2013-11-30 22:35 - 2013-11-30 22:35 - 00000000 ____D C:\Windows\system32\config\NisDrv
    2013-11-30 22:35 - 2013-11-30 22:35 - 00000000 ____D C:\Windows\system32\config\mpfilter
    2013-11-30 22:35 - 2013-11-30 22:35 - 00000000 ____D C:\Windows\system32\config\amd64
    2013-11-30 22:35 - 2013-11-30 22:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-11-30 22:35 - 2012-03-13 08:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-11-30 22:20 - 2011-04-01 20:12 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Baltz\Desktop\rkill.exe
    2013-11-30 21:28 - 2010-09-04 21:47 - 00000361 _____ C:\rkill.log
    2013-11-30 20:06 - 2013-11-30 20:06 - 00003124 _____ C:\Windows\System32\Tasks\{773119B8-2A21-404A-BF20-A259727C4A18}
    2013-11-26 03:02 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
    2013-11-25 19:24 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-11-25 19:21 - 2013-11-25 19:21 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-11-25 19:21 - 2013-11-25 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-11-25 19:21 - 2013-11-25 19:21 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-11-25 19:21 - 2013-11-25 19:21 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-11-25 19:21 - 2013-11-25 19:21 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-11-25 19:21 - 2013-11-25 19:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2013-11-25 19:21 - 2013-11-25 19:21 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2013-11-25 19:21 - 2013-11-25 19:21 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-11-25 19:21 - 2013-11-25 19:21 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2013-11-25 19:21 - 2013-11-25 19:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-11-25 19:21 - 2013-11-25 19:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-11-25 19:21 - 2013-11-25 19:21 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-11-25 19:21 - 2013-11-25 19:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2013-11-25 10:13 - 2013-11-25 10:13 - 00000000 ____D C:\Users\Baltz\AppData\Local\{B2727E6A-80F2-48B2-BA65-974A8A6DE987}
    2013-11-25 10:10 - 2013-11-25 10:10 - 00000000 ____D C:\Users\Baltz\AppData\Local\{0917D490-012C-47FA-AF0E-D58A537CEF27}
    2013-11-25 10:09 - 2013-11-25 10:09 - 00000000 ____D C:\Users\Baltz\AppData\Local\{18986926-7AB9-4CC5-BE7E-0906EE30580B}
    2013-11-19 04:21 - 2010-11-20 21:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2013-11-13 22:40 - 2012-03-12 12:32 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-11-13 22:38 - 2013-08-04 17:22 - 00000000 ____D C:\Windows\system32\MRT
    2013-11-13 22:37 - 2012-03-13 10:06 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2013-11-12 05:04 - 2009-07-13 20:34 - 00000510 _____ C:\Windows\win.ini
    2013-11-09 16:55 - 2013-11-09 16:55 - 00018457 _____ C:\Users\Baltz\Documents\StoryCorps  Great Questions.txt

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-2079067318-85538360-2968753081-1001\$4a595a894a2c2cd151904d4b4c29ea05

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$4a595a894a2c2cd151904d4b4c29ea05

    Some content of TEMP:
    ====================
    C:\Users\Baltz\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
    C:\Users\Baltz\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Baltz\AppData\Local\Temp\JuniperSetupClientInstaller.exe
    C:\Users\Baltz\AppData\Local\Temp\lowproc.exe
    C:\Users\Baltz\AppData\Local\Temp\MSN140E.exe
    C:\Users\Baltz\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Baltz\AppData\Local\Temp\ose00000.exe
    C:\Users\Baltz\AppData\Local\Temp\qc_e3f0f3ef_27e6_4ca8_8a7c_a3d761aa54bb_64.exe
    C:\Users\Baltz\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Baltz\AppData\Local\Temp\stubhelper.dll
    C:\Users\Baltz\AppData\Local\Temp\vlc-2.0.4-win32.exe
    C:\Users\Baltz\AppData\Local\Temp\vlc-2.0.6-win32.exe

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2013-11-30 12:42

    ==================== End Of Log ============================



#4 baltzj

Posted 09 December 2013 - 07:08 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2013
Ran by Baltz at 2013-12-09 18:02:05
Running from C:\Users\Baltz\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1030)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
BrowseSmart (Version: 2013.12.06.205904)
Conexant HD Audio (Version: 8.50.4.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.61)
Dell DataSafe Local Backup (x32 Version: 9.4.61)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Support Center (Version: 3.1.5803.11)
EPSON Printer Software
FromDocToPDF Internet Explorer Toolbar (x32)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880)
H&R Block Arkansas 2011 (x32 Version: 1.11.2601)
H&R Block Arkansas 2012 (x32 Version: 1.12.2201)
H&R Block Deluxe + Efile + State 2011 (x32 Version: 11.05.7102)
H&R Block Deluxe + Efile + State 2012 (x32 Version: 12.05.7802)
HitmanPro 3.7 (Version: 3.7.8.208)
Intel® Processor Graphics (x32 Version: 9.17.10.3347)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Juniper Networks Secure Application Manager (x32 Version: 7.1.9.20893)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.9.20595)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mobogenie (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Pdf995 (installed by H&R Block) (x32)
PdfEdit995 (installed by H&R Block) (x32)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.10 (x32 Version: 6.10.104)
swMSM (x32 Version: 12.0.0.1)
The Complete National Geographic (x32 Version: 1.59 build 1121)
The Complete National Geographic (x32 Version: 1.59.1121)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VideoDownloadConverter Internet Explorer Toolbar (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
VNC Free Edition 4.1.3 (x32 Version: 4.1.3)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WPM17.8.0.3159 (x32 Version: 17.8.0.3159)

==================== Restore Points  =========================

05-12-2013 03:37:06 Windows Update
05-12-2013 04:34:03 Windows Update
05-12-2013 10:52:19 Windows Update
05-12-2013 14:01:18 Windows Update
05-12-2013 16:02:01 Windows Update
05-12-2013 17:46:42 Windows Update
05-12-2013 21:23:43 Windows Update
05-12-2013 22:51:18 Windows Update
06-12-2013 02:15:13 Windows Update
06-12-2013 03:56:00 Windows Update
06-12-2013 14:55:07 Windows Update
06-12-2013 15:49:21 Windows Update
06-12-2013 16:04:23 Windows Update
06-12-2013 17:28:44 Windows Update
06-12-2013 20:12:03 Windows Update
06-12-2013 20:26:30 Windows Update
06-12-2013 21:59:51 Windows Update
06-12-2013 22:54:19 Windows Update
07-12-2013 01:02:12 Windows Update
07-12-2013 03:14:41 Windows Update
07-12-2013 14:21:13 Windows Update
07-12-2013 15:37:55 Windows Update
07-12-2013 17:09:56 Windows Update
07-12-2013 17:30:30 Windows Update
07-12-2013 18:05:58 Windows Update
07-12-2013 19:39:29 Windows Update
07-12-2013 21:50:10 Windows Update
08-12-2013 02:44:06 Windows Update
08-12-2013 13:40:50 Windows Update
08-12-2013 18:38:23 Windows Update
08-12-2013 21:32:42 Windows Update
08-12-2013 23:00:09 Windows Update
09-12-2013 01:05:44 Windows Update
09-12-2013 04:08:45 Windows Update
09-12-2013 11:36:10 Windows Update
09-12-2013 15:10:52 Windows Update
09-12-2013 19:54:07 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1C4BA1F9-47FC-4780-859E-543CB7CA58C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12] (Google Inc.)
Task: {748FB00A-EF3A-42BC-9C14-0F6686C2CA82} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {9EC9F90C-FB99-4C84-8E75-79F43EC113F3} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {BCF22F00-E2E1-45CE-BA19-A4190ACF9085} - System32\Tasks\MySearchDial => C:\Users\Baltz\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
Task: {D5FAD2C0-0E00-4D30-9C59-18BBECC06441} - System32\Tasks\0 => Iexplore.exe
Task: {F37D2847-77C1-465E-9EE7-7C13D936CC02} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {F493C3AC-3AEC-4E10-82E2-0E815F73FA97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Baltz\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2012-01-09 07:14 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Baltz\Documents\Congratulations.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Dave's Departure Pic # 4 Airport.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\February 12, 2006.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fr. David & Sister Ester.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fr. David at New Well 10-23-08.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fr. David on Cub Tractor.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fr. David's Lodonga Cook.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fr. David.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fr. Dqvid & Sister Ester.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\From The Archives,.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fw Letter From Outback--w-o attachment.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fw Paul Harvey( I hope ya'll can figure this one out).eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fwd_ Lawrence 1 of 3.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Fw_ Burial of Fr_ Luigi_ 07 - #2.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\gmail.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Health--Good & Bad_ 07 - #4.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Jerry & Easter_ 07 - #5.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Letter 2.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Letter to Marcia Jackson.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Letter.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Living Life_ 06 - #6.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Missionary Travels_ 06 -- #7.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Mt_ Kei from Lobe trading center.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Pics.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Sara & Thomas Raking Leaves.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Sara and Thomas line drawers.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\sara and thomas line drawings.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\updated  -- Margaret Bacher's House Inventory - 020202.eml:OECustomProperty
AlternateDataStreams: C:\Users\Baltz\Documents\Weight & Dieting_ 04 - #5.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2013 05:52:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 05:03:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 01:16:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 08:49:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 05:19:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 09:33:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 06:40:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/08/2013 04:16:13 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/08/2013 04:15:43 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/06/2013 00:41:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (12/06/2013 00:41:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (12/06/2013 00:41:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (12/06/2013 00:41:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (12/06/2013 00:41:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (12/06/2013 00:41:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (12/06/2013 00:41:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (12/06/2013 00:41:32 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================
Error: (12/09/2013 05:52:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 05:03:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 01:16:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 08:49:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 05:19:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 09:33:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 06:40:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 6056.63 MB
Available physical RAM: 4372.49 MB
Total Pagefile: 12111.44 MB
Available Pagefile: 10478.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:799.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 5C357AEC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 baltzj

Posted 09 December 2013 - 07:27 PM

I couldn't find a TDSSKiller log, so I am copying the report created:

18:24:19.0733 0x0bb0 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
18:24:22.0915 0x0bb0 ============================================================
18:24:22.0915 0x0bb0 Current date / time: 2013/12/09 18:24:22.0915
18:24:22.0915 0x0bb0 SystemInfo:
18:24:22.0915 0x0bb0
18:24:22.0915 0x0bb0 OS Version: 6.1.7601 ServicePack: 1.0
18:24:22.0915 0x0bb0 Product type: Workstation
18:24:22.0915 0x0bb0 ComputerName: OFFICEDESKTOP
18:24:22.0915 0x0bb0 UserName: Baltz
18:24:22.0915 0x0bb0 Windows directory: C:\Windows
18:24:22.0915 0x0bb0 System windows directory: C:\Windows
18:24:22.0915 0x0bb0 Running under WOW64
18:24:22.0915 0x0bb0 Processor architecture: Intel x64
18:24:22.0915 0x0bb0 Number of processors: 4
18:24:22.0915 0x0bb0 Page size: 0x1000
18:24:22.0915 0x0bb0 Boot type: Normal boot
18:24:22.0915 0x0bb0 ============================================================
18:24:24.0569 0x0bb0 KLMD registered as C:\Windows\system32\drivers\02862135.sys
18:24:24.0725 0x0bb0 System UUID: {EE660C1F-2FE4-4327-2F0C-1370DA23758D}
18:24:25.0084 0x0bb0 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:25.0099 0x0bb0 ============================================================
18:24:25.0099 0x0bb0 \Device\Harddisk0\DR0:
18:24:25.0099 0x0bb0 MBR partitions:
18:24:25.0099 0x0bb0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
18:24:25.0099 0x0bb0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
18:24:25.0099 0x0bb0 ============================================================
18:24:25.0115 0x0bb0 C: <-> \Device\Harddisk0\DR0\Partition2
18:24:25.0115 0x0bb0 ============================================================
18:24:25.0115 0x0bb0 Initialize success
18:24:25.0115 0x0bb0 ============================================================
18:24:28.0219 0x0b8c ============================================================
18:24:28.0219 0x0b8c Scan started
18:24:28.0219 0x0b8c Mode: Manual;
18:24:28.0219 0x0b8c ============================================================
18:24:28.0219 0x0b8c KSN ping started
18:24:42.0166 0x0b8c KSN ping finished: true
18:24:42.0696 0x0b8c ================ Scan system memory ========================
18:24:42.0696 0x0b8c System memory - ok
18:24:42.0712 0x0b8c ================ Scan services =============================


18:24:45.0520 0x0b8c EventSystem - ok

18:24:45.0535 0x0b8c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys

18:24:45.0535 0x0b8c exfat - ok

18:24:45.0551 0x0b8c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys

18:24:45.0551 0x0b8c fastfat - ok

18:24:45.0598 0x0b8c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe

18:24:45.0613 0x0b8c Fax - ok

18:24:45.0613 0x0b8c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys

18:24:45.0613 0x0b8c fdc - ok

18:24:45.0629 0x0b8c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll

18:24:45.0629 0x0b8c fdPHost - ok

18:24:45.0629 0x0b8c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll

18:24:45.0629 0x0b8c FDResPub - ok

18:24:45.0645 0x0b8c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

18:24:45.0645 0x0b8c FileInfo - ok

18:24:45.0660 0x0b8c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

18:24:45.0660 0x0b8c Filetrace - ok

18:24:45.0660 0x0b8c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

18:24:45.0660 0x0b8c flpydisk - ok

18:24:45.0676 0x0b8c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

18:24:45.0691 0x0b8c FltMgr - ok

18:24:45.0738 0x0b8c [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll

18:24:45.0754 0x0b8c FontCache - ok

18:24:45.0801 0x0b8c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:24:45.0801 0x0b8c FontCache3.0.0.0 - ok

18:24:45.0879 0x0b8c [ B93082863A0AC17B23690611EE59E498, 22C72B3E71554B1666C5C1B7B26BD98D84D738207116B372A03E66837F0943A1 ] FromDocToPDF_65Service C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe

18:24:45.0879 0x0b8c FromDocToPDF_65Service - ok

18:24:45.0879 0x0b8c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

18:24:45.0894 0x0b8c FsDepends - ok

18:24:45.0910 0x0b8c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

18:24:45.0910 0x0b8c Fs_Rec - ok

18:24:45.0941 0x0b8c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

18:24:45.0957 0x0b8c fvevol - ok

18:24:45.0957 0x0b8c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

18:24:45.0957 0x0b8c gagp30kx - ok

18:24:45.0988 0x0b8c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll

18:24:46.0003 0x0b8c gpsvc - ok

18:24:46.0035 0x0b8c [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:24:46.0050 0x0b8c gupdate - ok

18:24:46.0066 0x0b8c [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

18:24:46.0066 0x0b8c gupdatem - ok

18:24:46.0097 0x0b8c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

18:24:46.0113 0x0b8c gusvc - ok

18:24:46.0128 0x0b8c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

18:24:46.0128 0x0b8c hcw85cir - ok

18:24:46.0144 0x0b8c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

18:24:46.0144 0x0b8c HDAudBus - ok

18:24:46.0159 0x0b8c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

18:24:46.0159 0x0b8c HidBatt - ok

18:24:46.0175 0x0b8c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys

18:24:46.0175 0x0b8c HidBth - ok

18:24:46.0191 0x0b8c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys

18:24:46.0191 0x0b8c HidIr - ok

18:24:46.0191 0x0b8c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll

18:24:46.0191 0x0b8c hidserv - ok

18:24:46.0222 0x0b8c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys

18:24:46.0222 0x0b8c HidUsb - ok

18:24:46.0269 0x0b8c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll

18:24:46.0269 0x0b8c hkmsvc - ok

18:24:46.0300 0x0b8c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

18:24:46.0300 0x0b8c HomeGroupListener - ok

18:24:46.0315 0x0b8c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

18:24:46.0331 0x0b8c HomeGroupProvider - ok

18:24:46.0347 0x0b8c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

18:24:46.0347 0x0b8c HpSAMD - ok

18:24:46.0378 0x0b8c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys

18:24:46.0378 0x0b8c HTTP - ok

18:24:46.0409 0x0b8c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

18:24:46.0409 0x0b8c hwpolicy - ok

18:24:46.0440 0x0b8c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

18:24:46.0456 0x0b8c i8042prt - ok

18:24:46.0487 0x0b8c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

18:24:46.0503 0x0b8c iaStorV - ok

18:24:46.0565 0x0b8c [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:24:46.0581 0x0b8c idsvc - ok

18:24:46.0612 0x0b8c IEEtwCollectorService - ok

18:24:46.0768 0x0b8c [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

18:24:46.0846 0x0b8c igfx - ok

18:24:46.0861 0x0b8c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys

18:24:46.0877 0x0b8c iirsp - ok

18:24:46.0924 0x0b8c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll

18:24:46.0939 0x0b8c IKEEXT - ok

18:24:46.0955 0x0b8c [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

18:24:46.0971 0x0b8c IntcDAud - ok

18:24:46.0986 0x0b8c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys

18:24:46.0986 0x0b8c intelide - ok

18:24:46.0986 0x0b8c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

18:24:46.0986 0x0b8c intelppm - ok

18:24:47.0017 0x0b8c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll

18:24:47.0017 0x0b8c IPBusEnum - ok

18:24:47.0033 0x0b8c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:24:47.0033 0x0b8c IpFilterDriver - ok

18:24:47.0064 0x0b8c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll

18:24:47.0064 0x0b8c IpHlpSvc - ok

18:24:47.0080 0x0b8c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

18:24:47.0080 0x0b8c IPMIDRV - ok

18:24:47.0095 0x0b8c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys

18:24:47.0095 0x0b8c IPNAT - ok

18:24:47.0111 0x0b8c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys

18:24:47.0111 0x0b8c IRENUM - ok

18:24:47.0127 0x0b8c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys

18:24:47.0127 0x0b8c isapnp - ok

18:24:47.0142 0x0b8c [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

18:24:47.0142 0x0b8c iScsiPrt - ok

18:24:47.0158 0x0b8c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

18:24:47.0158 0x0b8c kbdclass - ok

18:24:47.0173 0x0b8c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

18:24:47.0173 0x0b8c kbdhid - ok

18:24:47.0205 0x0b8c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe

18:24:47.0205 0x0b8c KeyIso - ok

18:24:47.0236 0x0b8c [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

18:24:47.0236 0x0b8c KSecDD - ok

18:24:47.0251 0x0b8c [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

18:24:47.0251 0x0b8c KSecPkg - ok

18:24:47.0267 0x0b8c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

18:24:47.0267 0x0b8c ksthunk - ok

18:24:47.0298 0x0b8c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll

18:24:47.0298 0x0b8c KtmRm - ok

18:24:47.0345 0x0b8c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll

18:24:47.0345 0x0b8c LanmanServer - ok

18:24:47.0361 0x0b8c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

18:24:47.0361 0x0b8c LanmanWorkstation - ok

18:24:47.0392 0x0b8c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

18:24:47.0392 0x0b8c lltdio - ok

18:24:47.0423 0x0b8c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll

18:24:47.0423 0x0b8c lltdsvc - ok

18:24:47.0439 0x0b8c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll

18:24:47.0439 0x0b8c lmhosts - ok

18:24:47.0454 0x0b8c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

18:24:47.0454 0x0b8c LSI_FC - ok

18:24:47.0470 0x0b8c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

18:24:47.0470 0x0b8c LSI_SAS - ok

18:24:47.0485 0x0b8c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

18:24:47.0485 0x0b8c LSI_SAS2 - ok

18:24:47.0517 0x0b8c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

18:24:47.0517 0x0b8c LSI_SCSI - ok

18:24:47.0532 0x0b8c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys

18:24:47.0532 0x0b8c luafv - ok

18:24:47.0579 0x0b8c [ 0C85B2B6FB74B36A251792D45E0EF860, 2E04204560C1159ABC25F273B0B7F81FDF9BA5E88C17929FD924C4E945DE5020 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

18:24:47.0595 0x0b8c LVRS64 - ok

18:24:47.0735 0x0b8c [ FF3A488924B0032B1A9CA6948C1FA9E8, 6F05852B75498210926F5CDF49D2A6DD97C39CD93D32E3200D7240AADA3E7BEE ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

18:24:47.0813 0x0b8c LVUVC64 - ok

18:24:47.0985 0x0b8c [ 968BFF74AEB683C962960ECE0CAE4135, 3E08B39DE27FE27A27BD3E81486F0FCA1947D4B50BFE0167A0C27CE48DD56793 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe

18:24:47.0985 0x0b8c McComponentHostService - ok

18:24:48.0031 0x0b8c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

18:24:48.0031 0x0b8c Mcx2Svc - ok

18:24:48.0047 0x0b8c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys

18:24:48.0047 0x0b8c megasas - ok

18:24:48.0063 0x0b8c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

18:24:48.0063 0x0b8c MegaSR - ok

18:24:48.0094 0x0b8c [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

18:24:48.0094 0x0b8c MEIx64 - ok

18:24:48.0156 0x0b8c Microsoft SharePoint Workspace Audit Service - ok

18:24:48.0172 0x0b8c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll

18:24:48.0172 0x0b8c MMCSS - ok

18:24:48.0203 0x0b8c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys

18:24:48.0203 0x0b8c Modem - ok

18:24:48.0203 0x0b8c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

18:24:48.0203 0x0b8c monitor - ok

18:24:48.0219 0x0b8c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

18:24:48.0219 0x0b8c mouclass - ok

18:24:48.0250 0x0b8c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

18:24:48.0250 0x0b8c mouhid - ok

18:24:48.0250 0x0b8c [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

18:24:48.0250 0x0b8c mountmgr - ok

18:24:48.0297 0x0b8c [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

18:24:48.0297 0x0b8c MpFilter - ok

18:24:48.0312 0x0b8c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys

18:24:48.0312 0x0b8c mpio - ok

18:24:48.0343 0x0b8c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

18:24:48.0343 0x0b8c mpsdrv - ok

18:24:48.0375 0x0b8c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll

18:24:48.0375 0x0b8c MpsSvc - ok

18:24:48.0406 0x0b8c [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

18:24:48.0406 0x0b8c MRxDAV - ok

18:24:48.0437 0x0b8c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

18:24:48.0437 0x0b8c mrxsmb - ok

18:24:48.0468 0x0b8c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:24:48.0468 0x0b8c mrxsmb10 - ok

18:24:48.0468 0x0b8c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:24:48.0484 0x0b8c mrxsmb20 - ok

18:24:48.0515 0x0b8c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys

18:24:48.0515 0x0b8c msahci - ok

18:24:48.0531 0x0b8c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys

18:24:48.0531 0x0b8c msdsm - ok

18:24:48.0562 0x0b8c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe

18:24:48.0562 0x0b8c MSDTC - ok

18:24:48.0577 0x0b8c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys

18:24:48.0577 0x0b8c Msfs - ok

18:24:48.0593 0x0b8c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

18:24:48.0593 0x0b8c mshidkmdf - ok

18:24:48.0609 0x0b8c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

18:24:48.0609 0x0b8c msisadrv - ok

18:24:48.0640 0x0b8c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

18:24:48.0640 0x0b8c MSiSCSI - ok

18:24:48.0640 0x0b8c msiserver - ok

18:24:48.0655 0x0b8c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

18:24:48.0655 0x0b8c MSKSSRV - ok

18:24:48.0733 0x0b8c [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

18:24:48.0733 0x0b8c MsMpSvc - ok

18:24:48.0765 0x0b8c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

18:24:48.0765 0x0b8c MSPCLOCK - ok

18:24:48.0765 0x0b8c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

18:24:48.0780 0x0b8c MSPQM - ok

18:24:48.0796 0x0b8c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

18:24:48.0796 0x0b8c MsRPC - ok

18:24:48.0811 0x0b8c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

18:24:48.0811 0x0b8c mssmbios - ok

18:24:48.0827 0x0b8c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

18:24:48.0827 0x0b8c MSTEE - ok

18:24:48.0858 0x0b8c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

18:24:48.0858 0x0b8c MTConfig - ok

18:24:48.0874 0x0b8c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys

18:24:48.0874 0x0b8c Mup - ok

18:24:48.0905 0x0b8c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll

18:24:48.0905 0x0b8c napagent - ok

18:24:48.0936 0x0b8c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

18:24:48.0936 0x0b8c NativeWifiP - ok

18:24:48.0983 0x0b8c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys

18:24:48.0999 0x0b8c NDIS - ok

18:24:49.0014 0x0b8c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

18:24:49.0014 0x0b8c NdisCap - ok

18:24:49.0014 0x0b8c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

18:24:49.0014 0x0b8c NdisTapi - ok

18:24:49.0030 0x0b8c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

18:24:49.0030 0x0b8c Ndisuio - ok

18:24:49.0045 0x0b8c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

18:24:49.0045 0x0b8c NdisWan - ok

18:24:49.0061 0x0b8c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

18:24:49.0061 0x0b8c NDProxy - ok

18:24:49.0092 0x0b8c [ 54315426DC99D7A42AD498121397FDE5, 7B0FB0F140EB752F376CB978868341707952A9F2BCB44916B40CCAACEDF24DAC ] NEOFLTR_719_20893 C:\Windows\system32\Drivers\NEOFLTR_719_20893.SYS

18:24:49.0092 0x0b8c NEOFLTR_719_20893 - ok

18:24:49.0108 0x0b8c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

18:24:49.0108 0x0b8c NetBIOS - ok

18:24:49.0123 0x0b8c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

18:24:49.0139 0x0b8c NetBT - ok

18:24:49.0139 0x0b8c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe

18:24:49.0139 0x0b8c Netlogon - ok

18:24:49.0155 0x0b8c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll

18:24:49.0170 0x0b8c Netman - ok

18:24:49.0217 0x0b8c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:24:49.0217 0x0b8c NetMsmqActivator - ok

18:24:49.0233 0x0b8c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:24:49.0233 0x0b8c NetPipeActivator - ok

18:24:49.0264 0x0b8c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll

18:24:49.0279 0x0b8c netprofm - ok

18:24:49.0279 0x0b8c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:24:49.0279 0x0b8c NetTcpActivator - ok

18:24:49.0295 0x0b8c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:24:49.0295 0x0b8c NetTcpPortSharing - ok

18:24:49.0326 0x0b8c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

18:24:49.0326 0x0b8c nfrd960 - ok

18:24:49.0357 0x0b8c [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

18:24:49.0357 0x0b8c NisDrv - ok

18:24:49.0404 0x0b8c [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

18:24:49.0420 0x0b8c NisSrv - ok

18:24:49.0451 0x0b8c [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll

18:24:49.0467 0x0b8c NlaSvc - ok

18:24:49.0467 0x0b8c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys

18:24:49.0467 0x0b8c Npfs - ok

18:24:49.0482 0x0b8c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll

18:24:49.0482 0x0b8c nsi - ok

18:24:49.0498 0x0b8c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

18:24:49.0498 0x0b8c nsiproxy - ok

18:24:49.0545 0x0b8c [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

18:24:49.0576 0x0b8c Ntfs - ok

18:24:49.0576 0x0b8c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys

18:24:49.0576 0x0b8c Null - ok

18:24:49.0638 0x0b8c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys

18:24:49.0638 0x0b8c nvraid - ok

18:24:54.0895 0x0b8c [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

18:24:54.0895 0x0b8c wlcrasvc - ok

18:24:55.0020 0x0b8c [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:24:55.0051 0x0b8c wlidsvc - ok

18:24:55.0067 0x0b8c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

18:24:55.0067 0x0b8c WmiAcpi - ok

18:24:55.0083 0x0b8c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

18:24:55.0098 0x0b8c wmiApSrv - ok

18:24:55.0098 0x0b8c WMPNetworkSvc - ok

18:24:55.0098 0x0b8c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

18:24:55.0114 0x0b8c WPCSvc - ok

18:24:55.0129 0x0b8c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

18:24:55.0129 0x0b8c WPDBusEnum - ok

18:24:55.0129 0x0b8c Wpm - ok

18:24:55.0145 0x0b8c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

18:24:55.0145 0x0b8c ws2ifsl - ok

18:24:55.0176 0x0b8c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll

18:24:55.0176 0x0b8c wscsvc - ok

18:24:55.0176 0x0b8c WSearch - ok

18:24:55.0270 0x0b8c [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll

18:24:55.0301 0x0b8c wuauserv - ok

18:24:55.0332 0x0b8c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

18:24:55.0332 0x0b8c WudfPf - ok

18:24:55.0348 0x0b8c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

18:24:55.0348 0x0b8c WUDFRd - ok

18:24:55.0363 0x0b8c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

18:24:55.0363 0x0b8c wudfsvc - ok

18:24:55.0395 0x0b8c [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll

18:24:55.0395 0x0b8c WwanSvc - ok

18:24:55.0410 0x0b8c ================ Scan global ===============================

18:24:55.0426 0x0b8c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

18:24:55.0457 0x0b8c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

18:24:55.0457 0x0b8c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

18:24:55.0473 0x0b8c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

18:24:55.0488 0x0b8c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

18:24:55.0504 0x0b8c [ Global ] - ok

18:24:55.0504 0x0b8c ================ Scan MBR ==================================

18:24:55.0519 0x0b8c [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

18:24:55.0644 0x0b8c \Device\Harddisk0\DR0 - ok

18:24:55.0644 0x0b8c ================ Scan VBR ==================================

18:24:55.0644 0x0b8c [ 72AA128FA7D39B62722ABA797A133287 ] \Device\Harddisk0\DR0\Partition1

18:24:55.0660 0x0b8c \Device\Harddisk0\DR0\Partition1 - ok

18:24:55.0660 0x0b8c [ 9874246E4F3355B25CFEF9E2EBD44084 ] \Device\Harddisk0\DR0\Partition2

18:24:55.0660 0x0b8c \Device\Harddisk0\DR0\Partition2 - ok

18:24:55.0675 0x0b8c Waiting for KSN requests completion. In queue: 287

18:24:56.0689 0x0b8c Waiting for KSN requests completion. In queue: 287

18:24:57.0703 0x0b8c Waiting for KSN requests completion. In queue: 287

18:24:58.0717 0x0b8c Waiting for KSN requests completion. In queue: 287

18:24:59.0731 0x0b8c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
18:24:59.0731 0x0b8c Win FW state via NFP2: enabled
18:25:02.0664 0x0b8c ============================================================
18:25:02.0664 0x0b8c Scan finished
18:25:02.0664 0x0b8c ============================================================
18:25:02.0664 0x0f30 Detected object count: 0
18:25:02.0664 0x0f30 Actual detected object count: 0



#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 10 December 2013 - 03:09 AM

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [485448 2013-12-05] ( )
    HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [485448 2013-12-
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
    HKLM-x32\...\Run: [FromDocToPDF EPM Support] - "C:\PROGRA~2\FROMDO~2\bar\1.bin\65medint.exe" T8EPMSUP.DLL,S
    HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader 64] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe [71240 2013-12-05] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [VideoDownloadConverter EPM Support] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zmedint.exe" T8EPMSUP.DLL,S
    HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe [71752 2013-12-06] (VER_COMPANY_NAME)
    AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [ ] ()
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
    URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM-x32 - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^MI0000^us&si=CPPRmcCqmrsCFWRk7AodPnYAuw&ptb=159A4BA7-C9D2-4C9F-992E-EA44649B9997&ind=2013120519&n=77fdc807&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
    BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
    BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
    Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
    Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
    Toolbar: HKCU - No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
    Toolbar: HKCU - No Name - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -  No File
    CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
    CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX"
    CHR DefaultSearchKeyword: aartemis
    CHR DefaultSearchProvider:       "name": "First user"
    CHR DefaultSearchURL: http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx
    CHR HKLM-x32\...\Chrome\Extension: [ippenodjaoidmkkfdlmdhofiebnpjddb] - C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx
    
    R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [89160 2013-12-05] (COMPANYVERS_NAME)
    R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [88648 2013-12-06] (COMPANYVERS_NAME)
    
    Task: {BCF22F00-E2E1-45CE-BA19-A4190ACF9085} - System32\Tasks\MySearchDial => C:\Users\Baltz\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
    Task: {D5FAD2C0-0E00-4D30-9C59-18BBECC06441} - System32\Tasks\0 => Iexplore.exe
    
    C:\Program Files (x86)\VideoDownloadConverter_4z
    C:\Program Files (x86)\FromDocToPDF_65
    C:\Users\Baltz\AppData\Roaming\Optimizer Pro
    C:\Users\Baltz\daemonprocess.txt
    C:\Windows\Tasks\MySearchDial.job
    C:\Program Files (x86)\Mysearchdial
    C:\Windows\System32\Tasks\MySearchDial
    C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx
    C:\Users\Baltz\Downloads\mseinstall [1].exe
    C:\Users\Baltz\AppData\Local\VideoDownloadConverter_4z
    C:\Program Files (x86)\VideoDownloadConverter_4z
    C:\Program Files (x86)\VideoDownloadConverter
    C:\Users\Baltz\AppData\Local\IAC
    C:\Users\Baltz\AppData\Local\FromDocToPDF_65
    C:\Users\Baltz\AppData\Roaming\MYSEAR~1
    C:\Program Files (x86)\FromDocToPDF_65
    C:\$Recycle.Bin\S-1-5-21-2079067318-85538360-2968753081-1001\$4a595a894a2c2cd151904d4b4c29ea05
    C:\$Recycle.Bin\S-1-5-18\$4a595a894a2c2cd151904d4b4c29ea05
    C:\Windows\Tasks\MySearchDial.job
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.



#7 baltzj

  • Topic Starter
  • Members
  • 14 posts

Posted 10 December 2013 - 09:18 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2013 01
Ran by Baltz at 2013-12-10 20:15:45 Run:1
Running from C:\Users\Baltz\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
• HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [485448 2013-12-05] ( )
• HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [485448 2013-12-
• HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
• HKLM-x32\...\Run: [FromDocToPDF EPM Support] - "C:\PROGRA~2\FROMDO~2\bar\1.bin\65medint.exe" T8EPMSUP.DLL,S
• HKLM-x32\...\Run: [FromDocToPDF_65
• Browser Plugin Loader 64] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe [71240 2013-12-05] (VER_COMPANY_NAME)
• HKLM-x32\...\Run: [VideoDownloadConverter EPM Support] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zmedint.exe" T8EPMSUP.DLL,S
• HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe [71752 2013-12-06] (VER_COMPANY_NAME)
• AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [ ] ()
• HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
• HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
• http://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
• HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
• HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
• HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
• HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
• URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files
• (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
• URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
• StartMenuInternet: IEXPLORE.EXE - iexplore.exe
• SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
• SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
• SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
• SearchScopes: HKLM-x32 - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL =
• http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^MI0000^us&si=CPPRmcCqmrsCFWRk7AodPnYAuw&ptb=159A4BA7-C9D2-4C9F-992E-EA44649B9997&ind=2013120519&n=77fdc807&psa=&st=sb&searchfor={searchTerms}
• SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
• SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
• SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
• BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
• BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
• BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
• BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files
• (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
• Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
• Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
• Toolbar: HKCU - No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
• Toolbar: HKCU - No Name - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -  No File
• CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
• CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX"
• CHR DefaultSearchKeyword: aartemis
• CHR DefaultSearchProvider:       "name": "First user"
• CHR DefaultSearchURL:
• http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
• CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx
• CHR HKLM-x32\...\Chrome\Extension: [ippenodjaoidmkkfdlmdhofiebnpjddb] - C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx
• 
• R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [89160 2013-12-05] (COMPANYVERS_NAME)
• R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [88648 2013-12-06] (COMPANYVERS_NAME)
• 
• Task: {BCF22F00-E2E1-45CE-BA19-A4190ACF9085} - System32\Tasks\MySearchDial => C:\Users\Baltz\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
• Task: {D5FAD2C0-0E00-4D30-9C59-18BBECC06441} - System32\Tasks\0 => Iexplore.exe
• 
• C:\Program Files (x86)\VideoDownloadConverter_4z
• C:\Program Files
• (x86)\FromDocToPDF_65
• C:\Users\Baltz\AppData\Roaming\Optimizer Pro
• C:\Users\Baltz\daemonprocess.txt
• C:\Windows\Tasks\MySearchDial.job
• C:\Program Files (x86)\Mysearchdial
• C:\Windows\System32\Tasks\MySearchDial
• C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx
• C:\Users\Baltz\Downloads\mseinstall [1].exe
• C:\Users\Baltz\AppData\Local\VideoDownloadConverter_4z
• C:\Program Files (x86)\VideoDownloadConverter_4z
• C:\Program Files (x86)\VideoDownloadConverter
• C:\Users\Baltz\AppData\Local\IAC
• C:\Users\Baltz\AppData\Local\FromDocToPDF_65
• C:\Users\Baltz\AppData\Roaming\MYSEAR~1
• C:\Program Files (x86)\FromDocToPDF_65
• C:\$Recycle.Bin\S-1-5-21-2079067318-85538360-2968753081-1001\$4a595a894a2c2cd151904d4b4c29ea05
• C:\$Recycle.Bin\S-1-5-18\$4a595a894a2c2cd151904d4b4c29ea05
• C:\Windows\Tasks\MySearchDial.job
AlternateDataStreams: C:\ProgramData\Temp:373E1720

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\• FromDocToPDF Home Page Guard 64 bit => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\• VideoDownloadConverter Home Page Guard 64 bit => Value not found.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\• FromDocToPDF EPM Support => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\• HKLM-x32\...\Run: [FromDocToPDF_65 => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\• VideoDownloadConverter EPM Support => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\• VideoDownloadConverter_4z Browser Plugin Loader 64 => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\• {4c60e5ab-5c68-4c59-abaa-885010b24b32} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\• {93a3111f-4f74-4ed8-895e-d9708497629e} => Value not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\• {33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\• {33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\• {77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKCR\CLSID\• {77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\• {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKCR\Wow6432Node\CLSID\• {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\• {33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\• {33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\• {49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
HKCR\CLSID\• {49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\• {6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCR\CLSID\• {6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} => Value deleted successfully.
HKCR\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} => Value deleted successfully.
HKCR\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} => Key not found.
• CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX ==> The Chrome "Settings" can be used to fix the entry.
• CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX" ==> The Chrome "Settings" can be used to fix the entry.
• CHR DefaultSearchKeyword: aartemis ==> The Chrome "Settings" can be used to fix the entry.
• CHR DefaultSearchProvider:       "name": "First user" ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb => Key deleted successfully.
"C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx" => File/Directory not found.
• FromDocToPDF_65Service => Service not found.
• VideoDownloadConverter_4zService => Service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\• {BCF22F00-E2E1-45CE-BA19-A4190ACF9085} => Key not found.
C:\Windows\• System32\Tasks\MySearchDial not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree• \MySearchDial => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\• {D5FAD2C0-0E00-4D30-9C59-18BBECC06441} => Key not found.
C:\Windows\• System32\Tasks\0 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree• \0 => Key not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

==== End of Fixlog ====



#8 baltzj

  • Topic Starter
  • Members
  • 14 posts

Posted 10 December 2013 - 10:11 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Baltz :: OFFICEDESKTOP [administrator]

12/10/2013 8:20:55 PM
mbam-log-2013-12-10 (20-20-55).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429867
Time elapsed: 46 minute(s), 42 second(s)

Memory Processes Detected: 1
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> 1208 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\Wpm (PUP.Optional.WpManager.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Data: C:\ProgramData\WPM\wprotectmanager.exe -

service -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Delete on reboot.
C:\Users\Baltz\AppData\Local\Temp\fullpackage_temp1386439936\tmp\NewGdp.exe (PUP.Optional.WpManager.A) -> Quarantined and deleted successfully.
C:\Users\Baltz\AppData\Local\Temp\is1275519350\160815_stp\BrowseSmartSetup.exe (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.

(end)



#9 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 12 December 2013 - 11:25 AM

That didn't work - please download the attached fixlist.txt and repeat the procedure, please.

#10 baltzj

Posted 12 December 2013 - 09:08 PM

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2013 01
Ran by Baltz at 2013-12-12 20:01:49 Run:2
Running from C:\Users\Baltz\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [485448 2013-12-05] ( )
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [485448 2013-12-
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [FromDocToPDF EPM Support] - "C:\PROGRA~2\FROMDO~2\bar\1.bin\65medint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader 64] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe [71240 2013-12-05] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [VideoDownloadConverter EPM Support] - "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zmedint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader 64] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon64.exe [71752 2013-12-06] (VER_COMPANY_NAME)
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [ ] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^MI0000^us&si=CPPRmcCqmrsCFWRk7AodPnYAuw&ptb=159A4BA7-C9D2-4C9F-992E-EA44649B9997&ind=2013120519&n=77fdc807&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (Mindspark)
BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (Mindspark)
Toolbar: HKCU - No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
Toolbar: HKCU - No Name - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -  No File
CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX
CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX"
CHR DefaultSearchKeyword: aartemis
CHR DefaultSearchProvider:       "name": "First user"
CHR DefaultSearchURL: http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [ippenodjaoidmkkfdlmdhofiebnpjddb] - C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx

R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [89160 2013-12-05] (COMPANYVERS_NAME)
R2 VideoDownloadConverter_4zService; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [88648 2013-12-06] (COMPANYVERS_NAME)

Task: {BCF22F00-E2E1-45CE-BA19-A4190ACF9085} - System32\Tasks\MySearchDial => C:\Users\Baltz\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
Task: {D5FAD2C0-0E00-4D30-9C59-18BBECC06441} - System32\Tasks\0 => Iexplore.exe

C:\Program Files (x86)\VideoDownloadConverter_4z
C:\Program Files (x86)\FromDocToPDF_65
C:\Users\Baltz\AppData\Roaming\Optimizer Pro
C:\Users\Baltz\daemonprocess.txt
C:\Windows\Tasks\MySearchDial.job
C:\Program Files (x86)\Mysearchdial
C:\Windows\System32\Tasks\MySearchDial
C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx
C:\Users\Baltz\Downloads\mseinstall [1].exe
C:\Users\Baltz\AppData\Local\VideoDownloadConverter_4z
C:\Program Files (x86)\VideoDownloadConverter_4z
C:\Program Files (x86)\VideoDownloadConverter
C:\Users\Baltz\AppData\Local\IAC
C:\Users\Baltz\AppData\Local\FromDocToPDF_65
C:\Users\Baltz\AppData\Roaming\MYSEAR~1
C:\Program Files (x86)\FromDocToPDF_65
C:\$Recycle.Bin\S-1-5-21-2079067318-85538360-2968753081-1001\$4a595a894a2c2cd151904d4b4c29ea05
C:\$Recycle.Bin\S-1-5-18\$4a595a894a2c2cd151904d4b4c29ea05
C:\Windows\Tasks\MySearchDial.job
AlternateDataStreams: C:\ProgramData\Temp:373E1720
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\FromDocToPDF Home Page Guard 64 bit => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Home Page Guard 64 bit => Value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FromDocToPDF EPM Support => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FromDocToPDF_65 Browser Plugin Loader 64 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter EPM Support => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter_4z Browser Plugin Loader 64 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4c60e5ab-5c68-4c59-abaa-885010b24b32} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{93a3111f-4f74-4ed8-895e-d9708497629e} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key deleted successfully.
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} => Key not found.
HKCR\Wow6432Node\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} => Key not found.
HKCR\Wow6432Node\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} => Key not found.
HKCR\Wow6432Node\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625} => Key not found.
HKCR\Wow6432Node\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => Value not found.
HKCR\Wow6432Node\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} => Value not found.
HKCR\Wow6432Node\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} => Value not found.
HKCR\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} => Value not found.
HKCR\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} => Key not found.
CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://aartemis.com/?type=hp&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: aartemis ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider:       "name": "First user" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://www.aartemis.com/web/?type=ds&ts=1386439986&from=cor&uid=ST31000524AS_5VPAKYWXXXXX5VPAKYWX&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key not found.
"C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb => Key not found.
"C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx" => File/Directory not found.
FromDocToPDF_65Service => Service deleted successfully.
VideoDownloadConverter_4zService => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCF22F00-E2E1-45CE-BA19-A4190ACF9085} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCF22F00-E2E1-45CE-BA19-A4190ACF9085} => Key deleted successfully.
C:\Windows\System32\Tasks\MySearchDial => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5FAD2C0-0E00-4D30-9C59-18BBECC06441} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5FAD2C0-0E00-4D30-9C59-18BBECC06441} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z => Moved successfully.
C:\Program Files (x86)\FromDocToPDF_65 => Moved successfully.
C:\Users\Baltz\AppData\Roaming\Optimizer Pro => Moved successfully.
Could not move "C:\Users\Baltz\daemonprocess.txt" => Scheduled to move on reboot.
C:\Windows\Tasks\MySearchDial.job => Moved successfully.

"C:\Program Files (x86)\Mysearchdial" directory move:

Could not move "C:\Program Files (x86)\Mysearchdial" directory. => Scheduled to move on reboot.

"C:\Windows\System32\Tasks\MySearchDial" => File/Directory not found.
"C:\Users\Baltz\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
C:\Users\Baltz\Downloads\mseinstall [1].exe => Moved successfully.
C:\Users\Baltz\AppData\Local\VideoDownloadConverter_4z => Moved successfully.
"C:\Program Files (x86)\VideoDownloadConverter_4z" => File/Directory not found.
C:\Program Files (x86)\VideoDownloadConverter => Moved successfully.
C:\Users\Baltz\AppData\Local\IAC => Moved successfully.
C:\Users\Baltz\AppData\Local\FromDocToPDF_65 => Moved successfully.
"C:\Users\Baltz\AppData\Roaming\MYSEAR~1" => File/Directory not found.
"C:\Program Files (x86)\FromDocToPDF_65" => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-2079067318-85538360-2968753081-1001\$4a595a894a2c2cd151904d4b4c29ea05 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$4a595a894a2c2cd151904d4b4c29ea05 => Moved successfully.
"C:\Windows\Tasks\MySearchDial.job" => File/Directory not found.
"C:\ProgramData\Temp" => ":373E1720" ADS not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-12 20:04:39)<=

"C:\Users\Baltz\daemonprocess.txt" => File could not move.
"C:\Program Files (x86)\Mysearchdial" => Directory could not move.

==== End of Fixlog ====
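
A triage sketch for the Fixlog above, added here as an example; it is not part of the original posts and not FRST's own code. It classifies each result line by outcome and lists the targets that still need attention. The line pattern and the outcome categories are assumptions inferred only from the line shapes visible in this thread, and the sample input is an excerpt of that log.

```python
import re

# Excerpt of the Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
Task: {BCF22F00-E2E1-45CE-BA19-A4190ACF9085} - System32\Tasks\MySearchDial => C:\Users\Baltz\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
*****************
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
FromDocToPDF_65Service => Service deleted successfully.
CHR DefaultSearchKeyword: aartemis ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\FromDocToPDF_65 => Moved successfully.
Could not move "C:\Users\Baltz\daemonprocess.txt" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Mysearchdial" directory. => Scheduled to move on reboot.
"C:\Windows\Tasks\MySearchDial.job" => File/Directory not found.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-12 20:04:39)<=
"C:\Users\Baltz\daemonprocess.txt" => File could not move.
"C:\Program Files (x86)\Mysearchdial" => Directory could not move.
==== End of Fixlog ====
"""

# Assumed result-line shape: "<target> => <outcome>" or "<target> ==> <outcome>".
RESULT_RE = re.compile(r"^(?P<target>.+?)\s+==?>\s+(?P<outcome>.+)$")

# Checked in order, first match wins. The category names are this example's own.
OUTCOME_RULES = [
    ("could not move", "failed"),
    ("scheduled to move on reboot", "pending"),
    ("can be used to fix", "manual"),
    ("not found", "absent"),
    ("successfully", "fixed"),
]


def classify(outcome):
    """Map the text after the arrow to one of the example's categories."""
    lowered = outcome.lower()
    for needle, status in OUTCOME_RULES:
        if needle in lowered:
            return status
    return "unknown"


def normalize_target(target):
    """Reduce 'Could not move "X" directory.' and '"X"' to the bare X."""
    target = target.strip()
    if target.startswith("Could not move "):
        target = target[len("Could not move "):]
    if target.endswith(" directory."):
        target = target[: -len(" directory.")]
    return target.strip('"')


def parse_fixlog(text):
    """Return {target: final status}; a later line for a target overrides."""
    statuses = {}
    in_fixlist = False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:
            # Asterisk rules delimit the echoed fixlist, which can itself
            # contain "=>" (the Task line) and must not count as a result.
            in_fixlist = not in_fixlist
            continue
        match = None if in_fixlist else RESULT_RE.match(line)
        if match:
            target = normalize_target(match.group("target"))
            statuses[target] = classify(match.group("outcome"))
    return statuses


def needs_followup(statuses):
    """Targets that were not remediated, in the order first seen."""
    open_states = ("failed", "pending", "manual", "unknown")
    return [t for t, s in statuses.items() if s in open_states]
```

On this excerpt the two items that were scheduled for reboot end up as failed, because the post-reboot section reports that they could not be moved.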



#11 baltzj

Posted 12 December 2013 - 10:00 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Baltz :: OFFICEDESKTOP [administrator]

12/12/2013 8:09:51 PM
mbam-log-2013-12-12 (20-09-51).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 433005
Time elapsed: 49 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#12 TB-Psychotic

Posted 14 December 2013 - 10:10 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#13 baltzj

Posted 14 December 2013 - 11:07 PM

C:\FRST\Quarantine\FromDocToPDF_65\bar\1.bin\65skin.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\FRST\Quarantine\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe a variant of Win64/Toolbar.MyWebSearch.A application
C:\FRST\Quarantine\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll a variant of Win64/Toolbar.MyWebSearch.A application
C:\FRST\Quarantine\FromDocToPDF_65\bar\1.bin\Hpg64.dll a variant of Win64/Toolbar.MyWebSearch.A application
C:\FRST\Quarantine\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\FRST\Quarantine\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe a variant of Win64/Toolbar.MyWebSearch.A application
C:\FRST\Quarantine\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll a variant of Win64/Toolbar.MyWebSearch.A application
C:\FRST\Quarantine\VideoDownloadConverter_4z\bar\1.bin\Hpg64.dll a variant of Win64/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Baltz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SEQQFDOU\chainsaws[1].htm JS/Kryptik.AH trojan
C:\Users\Baltz\AppData\Local\Temp\{C4275ADB-3D5D-4344-9289-53A0E8017F47}\setup.exe multiple threats
 



#14 TB-Psychotic

Posted 16 December 2013 - 05:05 PM

Fix with FRST (normal mode)

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    C:\Users\Baltz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SEQQFDOU
    C:\Users\Baltz\AppData\Local\Temp\{C4275ADB-3D5D-4344-9289-53A0E8017F47}\setup.exe
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#15 baltzj

Posted 16 December 2013 - 05:43 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-12-2013 02
Ran by Baltz at 2013-12-16 16:41:40 Run:3
Running from C:\Users\Baltz\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
• C:\Users\Baltz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SEQQFDOU
C:\Users\Baltz\AppData\Local\Temp\{C4275ADB-3D5D-4344-9289-53A0E8017F47}\setup.exe

*****************

C:\Users\Baltz\AppData\Local\Temp\{C4275ADB-3D5D-4344-9289-53A0E8017F47}\setup.exe => Moved successfully.

==== End of Fixlog ====





