infected with ZeroAccess - need elevated help


  • This topic is locked
16 replies to this topic

#1 par195


Posted 16 December 2013 - 05:26 PM

http://www.bleepingcomputer.com/forums/t/517675/infected-with-zeroaccess-rootkit/

 

Top posted in Malware Removal. I'm getting redirects when I click on a link in yahoo.com.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526
Run by GESWEIN03 at 17:12:45 on 2013-12-16
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8136.6057 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\GESWEIN03\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\system32\mstsc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
dURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130226105519.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [SkyDrive] "C:\Users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Kensington TrackballWorks] "C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe"
uRun: [Eltion] regsvr32.exe C:\Users\GESWEIN03\AppData\Local\Eltion\ClipPpm80.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Kensington TrackballWorks Helper] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
StartupFolder: C:\Users\GESWEI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VOICEZ~1.LNK - C:\Program Files (x86)\VoiceZoneConnect\VoiceZoneConnect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NWepo.lnk - C:\Program Files (x86)\Network Associates\NWePO.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: agencyanywhere.agency.ni.nwie.net
Trusted Zone: agents.nationwide.com
Trusted Zone: agents.nationwide.com
Trusted Zone: appliedonline.net
Trusted Zone: nationwide.com
Trusted Zone: nationwide.com
Trusted Zone: onestop.nationwide.com
Trusted Zone: onestop.nationwide.com
Trusted Zone: skilldialogue.com
Trusted Zone: skilldialogue.com
Trusted Zone: skillport.com
Trusted Zone: skillport.com
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://esource.ohiohealth.com/,DSID=d09236a94813a4387411efcc1861fcf3,DanaInfo=DOMINOM41.ds.ohnet,ST=1+/dwa85W.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://secure.financepro.net/financepro/Reports/ScriptX-ie9.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nationwidetc.webex.com/client/T27LD/training/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 24.95.80.45 24.95.80.45
TCP: Interfaces\{27B4EE3E-E617-464A-92C3-65719D5FD24E} : NameServer = 209.18.47.61,209.18.47.62
TCP: Interfaces\{27B4EE3E-E617-464A-92C3-65719D5FD24E} : DHCPNameServer = 24.95.80.45 24.95.80.45
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130226105518.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [McAfee Host Intrusion Prevention Tray] \FIRETRAY.EXE"
x64-Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
x64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
x64-Run: [ScrewDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-30 665768]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-31 303464]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-4-25 93272]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-8-16 75672]
R1 NEOFLTR_720_21697;Juniper Networks TDI Filter Driver (NEOFLTR_720_21697);C:\Windows\System32\drivers\NEOFLTR_720_21697.SYS [2012-12-6 100728]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-12-10 117544]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-1-30 32336]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2011-9-12 641336]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-5-12 324928]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-10-25 201864]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2011-9-14 209760]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-10-25 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-7-30 170440]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-8 5087584]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-20 2656280]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-20 317440]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-7-30 274880]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-10-25 481504]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FireNfcp;McAfee Inc. FireNfcp;C:\Windows\System32\drivers\FireNfcp.sys [2012-10-25 48840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-25 195024]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-7-30 101200]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-6-20 1147232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-21 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 tbwkern;Kensington TrackballWorks driver;C:\Windows\System32\drivers\tbwkern.sys [2011-6-13 32848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-21 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-16 20:01:03 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-16 20:00:21 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-13 20:31:29 -------- d-----w- C:\Users\GESWEIN03\AppData\Local\Eltion
2013-12-13 20:31:24 -------- d-----w- C:\ProgramData\6pnhpVr3
2013-12-12 08:04:22 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:04:22 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:04:22 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:04:21 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 11:37:05 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 11:37:04 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 11:37:00 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-10 18:48:25 209192 ----a-w- C:\Windows\SysWow64\atsckernel.exe
2013-12-10 18:48:24 117544 ----a-w- C:\Windows\SysWow64\atashost.exe
.
==================== Find3M  ====================
.
2013-12-16 14:38:50 104280 ----a-w- C:\Users\GESWEIN03\GoToAssistDownloadHelper.exe
2013-12-10 23:10:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:10:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-14 22:50:50 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-30 13:25:08 928399 ----a-w- C:\Windows\unins000.exe
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 17:13:02.66 ===============
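Three things in the DDS log above are worth pulling out before any removal tool is run: a logon autostart that registers a DLL from a user-profile directory via regsvr32 (the [Eltion] uRun entry), the UAC policy values zeroed under mPolicies-System, and two directories in the "Created Last 30" section created five seconds apart. The script below is an added example for this thread, not part of the original post and not part of DDS; it parses a handful of lines copied from the log (embedded as constructed sample input, with benign neighbours so the filters have something to ignore) and applies those three checks. The list of "user-writable" locations, the set of DLL-loader host binaries and the 30-second correlation window are my assumptions, not DDS semantics.

```python
"""Triage checks over a DDS 'Pseudo HJT Report' / 'Created Last 30' dump.
Added example for this thread; not DDS code and not the original poster's."""
import re
from datetime import datetime, timedelta

# Constructed sample input: lines copied from the DDS log in this thread,
# plus benign neighbours the checks must ignore.
SAMPLE_LOG = r"""
uRun: [SkyDrive] "C:\Users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Eltion] regsvr32.exe C:\Users\GESWEIN03\AppData\Local\Eltion\ClipPpm80.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
2013-12-16 20:00:21 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-13 20:31:29 -------- d-----w- C:\Users\GESWEIN03\AppData\Local\Eltion
2013-12-13 20:31:24 -------- d-----w- C:\ProgramData\6pnhpVr3
2013-12-12 08:04:22 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
"""

RUN_RE = re.compile(r'^(?:x64-)?[um]Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$')
POLICY_RE = re.compile(r'^mPolicies-System: (?P<key>\w+) = dword:(?P<val>\w+)$')
CREATED_RE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ \S+ (?P<path>.+)$')
TOKEN_RE = re.compile(r'^\s*(?:"(?P<q>[^"]*)"|(?P<u>\S+))')   # first token, quoted or bare
DLL_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.dll', re.I)
# Assumption: directories an unprivileged user can write to.
USER_WRITABLE = re.compile(r'\\(?:Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\', re.I)
# Assumption: host binaries that turn a bare DLL into a logon autostart.
LOADERS = {'regsvr32', 'rundll32'}
# Windows meaning of each policy when set to 0 (Windows semantics, not DDS).
UAC_WEAK = {
    'EnableLUA': 'UAC disabled entirely',
    'ConsentPromptBehaviorAdmin': 'administrators elevate with no prompt',
    'PromptOnSecureDesktop': 'elevation prompts drawn on the normal, spoofable desktop',
}


def suspicious_autostarts(lines):
    """(name, command) for Run entries whose host is a DLL loader and whose
    command line points into a user-writable directory."""
    hits = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = m.group('cmd')
        t = TOKEN_RE.match(cmd)
        exe = ((t.group('q') or t.group('u')) if t else '').rsplit('\\', 1)[-1].lower()
        if exe.endswith('.exe'):
            exe = exe[:-4]
        if exe in LOADERS and USER_WRITABLE.search(cmd):
            hits.append((m.group('name'), cmd))
    return hits


def weak_uac_policies(lines):
    """Map each UAC-weakening policy found at value 0 to what that value means."""
    found = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m and m.group('key') in UAC_WEAK and m.group('val') == '0':
            found[m.group('key')] = UAC_WEAK[m.group('key')]
    return found


def created_near(lines, anchor_path, window=timedelta(seconds=30)):
    """Other 'Created Last 30' paths timestamped within `window` of anchor_path."""
    entries = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            entries.append((datetime.strptime(m.group('ts'), '%Y-%m-%d %H:%M:%S'),
                            m.group('path')))
    anchor = [ts for ts, p in entries if p.lower() == anchor_path.lower()]
    if not anchor:
        return []
    return [p for ts, p in entries
            if p.lower() != anchor_path.lower() and abs(ts - anchor[0]) <= window]


def triage(log_text):
    """Run the three checks; correlate each flagged DLL's directory with creation times."""
    lines = log_text.splitlines()
    starts = suspicious_autostarts(lines)
    report = {'autostarts': starts, 'uac': weak_uac_policies(lines), 'created_near': {}}
    for _name, cmd in starts:
        dll = DLL_RE.search(cmd)
        if dll:
            parent = dll.group(0).rsplit('\\', 1)[0]
            report['created_near'][parent] = created_near(lines, parent)
    return report


if __name__ == '__main__':
    for section, value in triage(SAMPLE_LOG).items():
        print(section, '->', value)
```

Run against the sample, the only autostart flagged is the [Eltion] regsvr32 entry (SkyDrive also lives under AppData but is a plain executable, which is why the loader test matters), all three UAC policies come back as weakened, and the Eltion directory correlates with C:\ProgramData\6pnhpVr3 created five seconds earlier. None of this proves what the DLL is; it tells the responder which files to collect and hash first, and that any "are you sure" prompt the user expects from UAC is not going to appear.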
 


#2 RPMcMurphy

  • Malware Response Team

Posted 17 December 2013 - 06:08 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean! 
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
  • Please download Farbar Recovery Scan Tool and save it to your desktop.
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may donate.


    #3 par195

    par195
    • Topic Starter

    • Members
    • 22 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:04:50 PM

    Posted 18 December 2013 - 09:22 AM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-12-2013 03
    Ran by GESWEIN03 (administrator) on GESWEIN09 on 18-12-2013 09:17:02
    Running from C:\Users\GESWEIN03\Desktop
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    (Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Juniper Networks, Inc.) C:\Users\GESWEIN03\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
    HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] - \FIRETRAY.EXE"
    HKLM\...\Run: [IgfxTray] - DOWS\SYSTEM32\IGFXTRAY.EXE
    HKLM\...\Run: [HotKeysCmds] - DOWS\SYSTEM32\HKCMD.EXE
    HKLM\...\Run: [Persistence] - DOWS\SYSTEM32\IGFXPERS.EXE
    HKLM\...\Run: [ScrewDrivers RDP Plugin] - C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [137584 2013-01-09] ()
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\n. ATTENTION! ====> ZeroAccess?
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6604568 2013-11-15] (SUPERAntiSpyware)
    HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
    HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
    HKCU\...\Run: [SkyDrive] - C:\Users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
    HKCU\...\Run: [Kensington TrackballWorks] - C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
    HKCU\...\Run: [Eltion] - regsvr32.exe C:\Users\GESWEIN03\AppData\Local\Eltion\ClipPpm80.dll <===== ATTENTION
    HKCU\...\Policies\Explorer: [HideSCAHealth] 1
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe [333376 2011-11-15] (McAfee, Inc.)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe [215656 2012-08-14] (McAfee, Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [Kensington TrackballWorks Helper] - C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
    AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
    Startup: C:\Users\GESWEIN03\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VoiceZoneConnect.lnk
    ShortcutTarget: VoiceZoneConnect.lnk -> C:\Program Files (x86)\VoiceZoneConnect\VoiceZoneConnect.exe (No File)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - DefaultScope {6B80E057-DEA4-4A1A-A0B4-9E5AE43B72D0} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    SearchScopes: HKCU - {6B80E057-DEA4-4A1A-A0B4-9E5AE43B72D0} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    SearchScopes: HKCU - {9B250290-2C8E-42E2-8BA0-1FEB920DBCB0} URL =
    BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130226105518.dll (McAfee, Inc.)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130226105519.dll (McAfee, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://esource.ohiohealth.com/,DSID=d09236a94813a4387411efcc1861fcf3,DanaInfo=DOMINOM41.ds.ohnet,ST=1+/dwa85W.cab
    DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} https://secure.financepro.net/financepro/Reports/ScriptX-ie9.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {9916D178-71C8-4764-969C-95B9B67A1F76} https://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nationwidetc.webex.com/client/T27LD/training/ieatgpc1.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://agents.nationwide.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 24.95.80.45 24.95.80.45
    Tcpip\..\Interfaces\{27B4EE3E-E617-464A-92C3-65719D5FD24E}: [NameServer]209.18.47.61,209.18.47.62

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-14] (SUPERAntiSpyware.com)
    R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2012-01-30] (Sanford, L.P.)
    R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [641336 2011-09-12] (McAfee, Inc.)
    R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [324928 2011-05-12] (McAfee, Inc.)
    R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-02-26] (McAfee, Inc.)
    R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-08-09] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-02-26] (McAfee, Inc.)

    ==================== Drivers (Whitelisted) ====================

    S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [48840 2011-10-06] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [195024 2011-09-12] (McAfee, Inc.)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-02-26] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-02-26] (McAfee, Inc.)
    U3 mfeavfk01; No ImagePath
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481504 2011-08-16] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-02-26] (McAfee, Inc.)
    R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-08-16] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-02-26] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-02-26] (McAfee, Inc.)
    R1 NEOFLTR_720_21697; C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS [100728 2012-08-23] (Juniper Networks)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [32848 2011-06-13] ()
    S3 Firehk; system32\DRIVERS\firehk.sys [x]
    S3 FirehkMP; system32\DRIVERS\firehk.sys [x]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-12-18 09:17 - 2013-12-18 09:17 - 00019788 _____ C:\Users\GESWEIN03\Desktop\FRST.txt
    2013-12-18 09:16 - 2013-12-18 09:16 - 00000000 ____D C:\FRST
    2013-12-18 09:15 - 2013-12-18 09:16 - 01929306 _____ (Farbar) C:\Users\GESWEIN03\Desktop\FRST64.exe
    2013-12-16 17:15 - 2013-12-16 17:15 - 00004697 _____ C:\Users\GESWEIN03\Desktop\attach.zip
    2013-12-16 17:13 - 2013-12-16 17:14 - 00028918 _____ C:\Users\GESWEIN03\Desktop\dds.txt
    2013-12-16 17:13 - 2013-12-16 17:14 - 00018627 _____ C:\Users\GESWEIN03\Desktop\attach.txt
    2013-12-16 17:12 - 2013-12-16 17:12 - 00688992 ____R (Swearware) C:\Users\GESWEIN03\Desktop\dds.com
    2013-12-16 15:01 - 2013-12-16 15:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-12-16 15:00 - 2013-12-16 15:00 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2013-12-16 14:59 - 2013-12-16 15:34 - 00000000 ____D C:\Users\GESWEIN03\Desktop\mbar
    2013-12-16 14:44 - 2013-12-16 14:45 - 00030674 _____ C:\Users\GESWEIN03\Desktop\Result.txt
    2013-12-16 14:41 - 2013-12-16 14:41 - 00005254 _____ C:\Users\GESWEIN03\Desktop\FSS.txt
    2013-12-16 14:37 - 2013-12-16 14:37 - 00001116 _____ C:\Users\GESWEIN03\Desktop\checkup.txt
    2013-12-16 14:29 - 2013-12-16 14:30 - 00003680 _____ C:\Users\GESWEIN03\Desktop\Rkill.txt
    2013-12-13 15:37 - 2013-12-13 15:37 - 00000000 ____D C:\Users\GESWEIN03\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
    2013-12-13 15:31 - 2013-12-13 16:31 - 00000000 ____D C:\ProgramData\6pnhpVr3
    2013-12-13 15:31 - 2013-12-13 15:31 - 00000000 ____D C:\Users\GESWEIN03\AppData\Local\Eltion
    2013-12-12 03:04 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2013-12-12 03:04 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2013-12-12 03:04 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2013-12-12 03:04 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2013-12-12 03:02 - 2013-11-14 21:09 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-12-12 03:02 - 2013-11-14 20:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-12-12 03:02 - 2013-11-14 20:37 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-12-12 03:02 - 2013-11-14 20:29 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-12-12 03:02 - 2013-11-14 20:29 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-12-12 03:02 - 2013-11-14 20:28 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-12-12 03:02 - 2013-11-14 20:28 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-12-12 03:02 - 2013-11-14 20:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-12-12 03:02 - 2013-11-14 20:22 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-12-12 03:02 - 2013-11-14 20:20 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-12-12 03:02 - 2013-11-14 20:20 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-12-12 03:02 - 2013-11-14 20:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-12-12 03:02 - 2013-11-14 20:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-12-12 03:02 - 2013-11-14 20:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-12-12 03:02 - 2013-11-14 20:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-12-12 03:02 - 2013-11-14 20:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-12-12 03:02 - 2013-11-14 18:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-12-12 03:02 - 2013-11-14 17:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-12-12 03:02 - 2013-11-14 17:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-12-12 03:02 - 2013-11-14 17:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-12-12 03:02 - 2013-11-14 17:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-12-12 03:02 - 2013-11-14 17:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-12-12 03:02 - 2013-11-14 17:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-12-12 03:02 - 2013-11-14 17:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-12-12 03:02 - 2013-11-14 17:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-12-12 03:02 - 2013-11-14 17:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-12-12 03:02 - 2013-11-14 17:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-12-12 03:02 - 2013-11-14 17:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-12-12 03:02 - 2013-11-14 17:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-12-12 03:02 - 2013-11-14 17:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-12-12 03:02 - 2013-11-14 17:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-12-12 03:02 - 2013-11-14 17:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-12-11 06:37 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2013-12-11 06:37 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
    2013-12-11 06:37 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-12-11 06:36 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-12-11 06:36 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2013-12-11 06:36 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2013-12-11 06:36 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-12-11 06:36 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2013-12-11 06:36 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2013-12-11 06:36 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2013-12-11 06:36 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2013-12-11 06:36 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
    2013-12-11 06:36 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
    2013-12-11 06:36 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2013-12-11 06:36 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2013-12-11 06:36 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
    2013-12-11 06:36 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
    2013-12-11 06:36 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2013-12-11 06:36 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2013-12-10 13:48 - 2013-12-10 13:48 - 00209192 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
    2013-12-10 13:48 - 2013-12-10 13:48 - 00117544 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    2013-12-02 09:14 - 2013-12-17 10:28 - 00003406 _____ C:\Windows\System32\Tasks\IE11

    ==================== One Month Modified Files and Folders =======

    2013-12-18 09:17 - 2013-12-18 09:17 - 00019788 _____ C:\Users\GESWEIN03\Desktop\FRST.txt
    2013-12-18 09:16 - 2013-12-18 09:16 - 00000000 ____D C:\FRST
    2013-12-18 09:16 - 2013-12-18 09:15 - 01929306 _____ (Farbar) C:\Users\GESWEIN03\Desktop\FRST64.exe
    2013-12-18 09:10 - 2012-04-11 09:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-12-18 08:57 - 2013-01-08 12:21 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-18 05:37 - 2013-07-25 09:51 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
    2013-12-17 18:26 - 2013-01-08 12:22 - 00000000 ___RD C:\Users\GESWEIN03\Google Drive
    2013-12-17 17:09 - 2013-05-06 08:16 - 00003406 _____ C:\Windows\System32\Tasks\IE10
    2013-12-17 17:06 - 2012-01-17 15:45 - 00009268 _____ C:\Windows\DBSEARCH.INI
    2013-12-17 12:58 - 2013-01-08 12:21 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-17 10:31 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-12-17 10:31 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-12-17 10:28 - 2013-12-02 09:14 - 00003406 _____ C:\Windows\System32\Tasks\IE11
    2013-12-17 10:27 - 2009-07-14 00:13 - 00730448 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-12-17 10:26 - 2013-06-17 10:24 - 00000000 ___RD C:\Users\GESWEIN03\SkyDrive
    2013-12-17 10:23 - 2010-11-20 22:47 - 00062564 _____ C:\Windows\PFRO.log
    2013-12-17 10:23 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-12-17 10:23 - 2009-07-13 23:51 - 00064047 _____ C:\Windows\setupact.log
    2013-12-16 17:15 - 2013-12-16 17:15 - 00004697 _____ C:\Users\GESWEIN03\Desktop\attach.zip
    2013-12-16 17:14 - 2013-12-16 17:13 - 00028918 _____ C:\Users\GESWEIN03\Desktop\dds.txt
    2013-12-16 17:14 - 2013-12-16 17:13 - 00018627 _____ C:\Users\GESWEIN03\Desktop\attach.txt
    2013-12-16 17:12 - 2013-12-16 17:12 - 00688992 ____R (Swearware) C:\Users\GESWEIN03\Desktop\dds.com
    2013-12-16 15:34 - 2013-12-16 15:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-12-16 15:34 - 2013-12-16 14:59 - 00000000 ____D C:\Users\GESWEIN03\Desktop\mbar
    2013-12-16 15:00 - 2013-12-16 15:00 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2013-12-16 14:45 - 2013-12-16 14:44 - 00030674 _____ C:\Users\GESWEIN03\Desktop\Result.txt
    2013-12-16 14:41 - 2013-12-16 14:41 - 00005254 _____ C:\Users\GESWEIN03\Desktop\FSS.txt
    2013-12-16 14:37 - 2013-12-16 14:37 - 00001116 _____ C:\Users\GESWEIN03\Desktop\checkup.txt
    2013-12-16 14:30 - 2013-12-16 14:29 - 00003680 _____ C:\Users\GESWEIN03\Desktop\Rkill.txt
    2013-12-16 09:38 - 2012-09-20 11:43 - 00104280 _____ C:\Users\GESWEIN03\GoToAssistDownloadHelper.exe
    2013-12-16 09:32 - 2012-01-16 10:32 - 01166052 _____ C:\Windows\WindowsUpdate.log
    2013-12-13 17:07 - 2012-08-13 08:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-12-13 16:31 - 2013-12-13 15:31 - 00000000 ____D C:\ProgramData\6pnhpVr3
    2013-12-13 16:12 - 2012-07-05 09:23 - 00000000 ____D C:\Quarantine
    2013-12-13 15:37 - 2013-12-13 15:37 - 00000000 ____D C:\Users\GESWEIN03\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Guard Protection
    2013-12-13 15:31 - 2013-12-13 15:31 - 00000000 ____D C:\Users\GESWEIN03\AppData\Local\Eltion
    2013-12-12 10:14 - 2012-01-17 11:00 - 00000000 ____D C:\Users\GESWEIN03\Desktop\For Docubase
    2013-12-12 03:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2013-12-12 03:21 - 2009-07-13 23:45 - 00426912 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-12-12 03:04 - 2012-01-20 09:18 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-12-11 11:17 - 2012-01-17 10:59 - 00000000 ____D C:\Users\GESWEIN03\Documents\Debbie
    2013-12-10 18:10 - 2012-04-11 09:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-12-10 18:10 - 2012-04-11 09:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2013-12-10 18:10 - 2012-01-18 10:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-12-10 14:15 - 2012-04-16 08:52 - 00000000 ____D C:\ProgramData\WebEx
    2013-12-10 13:48 - 2013-12-10 13:48 - 00209192 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
    2013-12-10 13:48 - 2013-12-10 13:48 - 00117544 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    2013-12-05 12:53 - 2013-01-08 12:21 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-12-05 12:53 - 2013-01-08 12:21 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-11-23 13:26 - 2013-12-11 06:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2013-11-23 12:47 - 2013-12-11 06:36 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

    Some content of TEMP:
    ====================
    C:\Users\GESWEIN03\AppData\Local\Temp\7b0af5185707cb92.exe
    C:\Users\GESWEIN03\AppData\Local\Temp\dsHostCheckerSetup.exe
    C:\Users\GESWEIN03\AppData\Local\Temp\FileZilla_3.5.3_win32-setup.exe
    C:\Users\GESWEIN03\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2013-12-10 00:09

    ==================== End Of Log ============================




    #4 RPMcMurphy

    RPMcMurphy

      Bleeping *^#@%~


    • Malware Response Team
    • 3,970 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:04:50 PM

    Posted 18 December 2013 - 08:22 PM

    Please do this next:

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt
     

    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\n. ATTENTION! ====> ZeroAccess?
    HKCU\...\Run: [Eltion] - regsvr32.exe C:\Users\GESWEIN03\AppData\Local\Eltion\ClipPpm80.dll <===== ATTENTION
    2013-12-13 15:31 - 2013-12-13 16:31 - 00000000 ____D C:\ProgramData\6pnhpVr3
    2013-12-13 15:31 - 2013-12-13 15:31 - 00000000 ____D C:\Users\GESWEIN03\AppData\Local\Eltion
    C:\Users\GESWEIN03\AppData\Local\Temp\7b0af5185707cb92.exe

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now run FRST again.


    • When the tool opens click Yes to disclaimer.
    • Press the Fix button just once and wait.
    • The tool will make a log (Fixlog.txt) please post it to your reply.

    Edited by RPMcMurphy, 18 December 2013 - 08:23 PM.

    Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may donate.


    #5 par195

    par195
    • Topic Starter

    • Members
    • 22 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:04:50 PM

    Posted 19 December 2013 - 09:20 AM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2013 05
    Ran by GESWEIN03 at 2013-12-19 09:19:34 Run:1
    Running from C:\Users\GESWEIN03\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$934f382ee646b1119c9c88b5c1e746e9\n. ATTENTION! ====> ZeroAccess?
    HKCU\...\Run: [Eltion] - regsvr32.exe C:\Users\GESWEIN03\AppData\Local\Eltion\ClipPpm80.dll <===== ATTENTION
    2013-12-13 15:31 - 2013-12-13 16:31 - 00000000 ____D C:\ProgramData\6pnhpVr3
    2013-12-13 15:31 - 2013-12-13 15:31 - 00000000 ____D C:\Users\GESWEIN03\AppData\Local\Eltion
    C:\Users\GESWEIN03\AppData\Local\Temp\7b0af5185707cb92.exe
    *****************

    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Eltion => Value deleted successfully.
    C:\ProgramData\6pnhpVr3 => Moved successfully.
    C:\Users\GESWEIN03\AppData\Local\Eltion => Moved successfully.
    C:\Users\GESWEIN03\AppData\Local\Temp\7b0af5185707cb92.exe => Moved successfully.

    ==== End of Fixlog ====
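The Fixlog above shows the two persistence points FRST repaired: a hijacked COM InprocServer32 default pointing into $Recycle.Bin, and an HKCU Run entry loading a DLL through regsvr32. As an added example that is not code from the thread, FRST or its author, here is a read-only PowerShell check that re-verifies both locations after the fix; only the CLSID and registry key paths come from the Fixlog, while the path patterns and the "must live under the Windows directory" rule are my assumptions.

```powershell
# Added example (not from the thread or from FRST): re-check the two persistence
# points removed by the fixlist on this page. Read-only: it reports, never deletes.
# Assumptions: the CLSID and key names are from the Fixlog; the regular expressions
# and the "inside $env:SystemRoot" rule are mine, not FRST's logic.

$Clsid     = '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}'        # CLSID from the Fixlog
$InprocKey = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
$RunKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Path fragments that legitimate COM servers and Run entries do not use. The first
# matches the $Recycle.Bin\S-1-5-18\$<32 hex> hiding place FRST flagged in this thread.
$SuspiciousPatterns = @(
    '(?i)\\\$Recycle\.Bin\\S-1-5-18\\\$[0-9a-f]{32}\\',
    '(?i)\\AppData\\Local\\Temp\\',
    '(?i)\\ProgramData\\[0-9A-Za-z]{8}\\'   # random 8-char folder like 6pnhpVr3 in the FRST log
)

function Test-SuspiciousPath {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($re in $SuspiciousPatterns) {
        if ($Path -match $re) { return $true }
    }
    return $false
}

function Get-InprocServerDefault {
    # Returns the (Default) value of InprocServer32, or $null if the key is absent.
    param([Parameter(Mandatory)][string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    (Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue).'(default)'
}

function Get-RunEntries {
    # Name/command pairs from HKCU ...\Run, with the registry provider's own
    # PS* properties filtered out.
    param([Parameter(Mandatory)][string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return @() }
    (Get-ItemProperty -LiteralPath $Key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object { [pscustomobject]@{ Name = $_.Name; Command = [string]$_.Value } }
}

function Invoke-PersistenceCheck {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. COM server hijack: the InprocServer32 default should resolve to a file that
    #    exists under the Windows directory, never to $Recycle.Bin or a temp folder.
    $default = Get-InprocServerDefault -Key $InprocKey
    if ($null -eq $default) {
        $findings.Add("[INFO]  $InprocKey is missing")
    } else {
        $expanded = [Environment]::ExpandEnvironmentVariables($default)
        if (Test-SuspiciousPath -Path $expanded) {
            $findings.Add("[ALERT] $Clsid InprocServer32 -> $default (pattern seen with ZeroAccess)")
        } elseif ($expanded -notlike "$env:SystemRoot\*") {
            $findings.Add("[WARN]  $Clsid InprocServer32 -> $default (outside $env:SystemRoot)")
        } elseif (-not (Test-Path -LiteralPath $expanded)) {
            $findings.Add("[WARN]  $Clsid InprocServer32 -> $default (file not found)")
        } else {
            $findings.Add("[OK]    $Clsid InprocServer32 -> $default")
        }
    }

    # 2. HKCU Run entries that load a DLL via regsvr32 from a user-writable folder,
    #    the shape of the [Eltion] entry FRST deleted.
    foreach ($entry in Get-RunEntries -Key $RunKey) {
        $cmd = [Environment]::ExpandEnvironmentVariables($entry.Command)
        $viaRegsvr32  = $cmd -match '(?i)regsvr32(\.exe)?\b'
        $userWritable = ($cmd -match '(?i)\\Users\\[^\\]+\\AppData\\') -or ($cmd -match '(?i)\\ProgramData\\')
        if (($viaRegsvr32 -and $userWritable) -or (Test-SuspiciousPath -Path $cmd)) {
            $findings.Add("[ALERT] Run\$($entry.Name) = $($entry.Command)")
        } else {
            $findings.Add("[OK]    Run\$($entry.Name) = $($entry.Command)")
        }
    }
    return $findings
}

Invoke-PersistenceCheck | ForEach-Object { Write-Output $_ }
```

Run it from an elevated PowerShell prompt after the FRST fix and again after the next reboot; an [ALERT] line means the hijack has come back and the machine is not yet clean.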



    #6 RPMcMurphy

    RPMcMurphy

      Bleeping *^#@%~


    • Malware Response Team
    • 3,970 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:04:50 PM

    Posted 19 December 2013 - 12:01 PM

    Please do this next:

    Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

    • Execute TDSSKiller.exe by double-clicking on it.
    • When the window opens, click on Change Parameters
    • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
    • Click OK
    • Press Start Scan
    • If malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
    • Then click Continue > Reboot now
    • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
    • Post that log, please.

    Download Combofix from HERE, and save it to your desktop.

    **Note:  It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
    --------------------------------------------------------------------

    Double click on ComboFix.exe & follow the prompts.
    • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
    • When finished, it will produce a report for you.

    Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

    Please include the following in your next post:
    • TDSSKiller log
    • ComboFix log




    #7 par195

    par195
    • Topic Starter

    • Members
    • 22 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:04:50 PM

    Posted 19 December 2013 - 12:34 PM

    ComboFix still says I have McAfee running and I uninstalled all McAfee. Now what?

    A reboot fixed the error. Log posted below TDSS.

    12:14:34.0125 0x1548 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
    12:14:46.0617 0x1548 ============================================================
    12:14:46.0617 0x1548 Current date / time: 2013/12/19 12:14:46.0617
    12:14:46.0617 0x1548 SystemInfo:
    12:14:46.0617 0x1548
    12:14:46.0617 0x1548 OS Version: 6.1.7601 ServicePack: 1.0
    12:14:46.0617 0x1548 Product type: Workstation
    12:14:46.0617 0x1548 ComputerName: GESWEIN09
    12:14:46.0618 0x1548 UserName: GESWEIN03
    12:14:46.0618 0x1548 Windows directory: C:\Windows
    12:14:46.0618 0x1548 System windows directory: C:\Windows
    12:14:46.0618 0x1548 Running under WOW64
    12:14:46.0618 0x1548 Processor architecture: Intel x64
    12:14:46.0618 0x1548 Number of processors: 4
    12:14:46.0618 0x1548 Page size: 0x1000
    12:14:46.0618 0x1548 Boot type: Normal boot
    12:14:46.0618 0x1548 ============================================================
    12:14:49.0075 0x1548 KLMD registered as C:\Windows\system32\drivers\73851482.sys
    12:14:49.0177 0x1548 System UUID: {99E3139E-37C4-5888-8630-0C32968E7E75}
    12:14:49.0760 0x1548 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:14:49.0772 0x1548 ============================================================
    12:14:49.0772 0x1548 \Device\Harddisk0\DR0:
    12:14:49.0772 0x1548 MBR partitions:
    12:14:49.0772 0x1548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
    12:14:49.0772 0x1548 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x65F9A, BlocksNum 0xE8DA2116
    12:14:49.0772 0x1548 ============================================================
    12:14:49.0806 0x1548 C: <-> \Device\Harddisk0\DR0\Partition2
    12:14:49.0806 0x1548 ============================================================
    12:14:49.0806 0x1548 Initialize success
    12:14:49.0806 0x1548 ============================================================
    12:15:49.0443 0x0ca8 ============================================================
    12:15:49.0443 0x0ca8 Scan started
    12:15:49.0443 0x0ca8 Mode: Manual; TDLFS;
    12:15:49.0443 0x0ca8 ============================================================
    12:15:49.0443 0x0ca8 KSN ping started
    12:15:51.0855 0x0ca8 KSN ping finished: true
    12:15:53.0166 0x0ca8 ================ Scan system memory ========================
    12:15:53.0166 0x0ca8 System memory - ok
    12:15:53.0166 0x0ca8 ================ Scan services =============================
    12:15:59.0161 0x0ca8 fvevol - ok
    12:15:59.0190 0x0ca8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    12:15:59.0192 0x0ca8 gagp30kx - ok
    12:15:59.0255 0x0ca8 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    12:15:59.0292 0x0ca8 GEARAspiWDM - ok
    12:15:59.0321 0x0ca8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
    12:15:59.0334 0x0ca8 gpsvc - ok
    12:15:59.0443 0x0ca8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:15:59.0445 0x0ca8 gupdate - ok
    12:15:59.0449 0x0ca8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:15:59.0452 0x0ca8 gupdatem - ok
    12:15:59.0462 0x0ca8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    12:15:59.0464 0x0ca8 hcw85cir - ok
    12:15:59.0514 0x0ca8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    12:15:59.0565 0x0ca8 HdAudAddService - ok
    12:15:59.0590 0x0ca8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    12:15:59.0592 0x0ca8 HDAudBus - ok
    12:15:59.0624 0x0ca8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    12:15:59.0626 0x0ca8 HidBatt - ok
    12:15:59.0648 0x0ca8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    12:15:59.0667 0x0ca8 HidBth - ok
    12:15:59.0691 0x0ca8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
    12:15:59.0694 0x0ca8 HidIr - ok
    12:15:59.0754 0x0ca8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
    12:15:59.0756 0x0ca8 hidserv - ok
    12:15:59.0793 0x0ca8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
    12:15:59.0821 0x0ca8 HidUsb - ok
    12:15:59.0870 0x0ca8 [ B18B4AB7012EF2304546DF6D0D6C656D, A873280DEB60CF3D1401960A4CF388CD2B48733B4E3DC9F7EF191B7F062CBC73 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
    12:15:59.0902 0x0ca8 HipShieldK - ok
    12:15:59.0933 0x0ca8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
    12:15:59.0971 0x0ca8 hkmsvc - ok
    12:15:59.0993 0x0ca8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    12:16:00.0033 0x0ca8 HomeGroupListener - ok
    12:16:00.0066 0x0ca8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    12:16:00.0070 0x0ca8 HomeGroupProvider - ok
    12:16:00.0176 0x0ca8 [ CE0FCEC4D4D860F36D972759B11EAF0F, 81F9E391A71D9FB9DD41BC35BD5136B3A851C231BE5A6E936B84E49CDAAF0B67 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    12:16:00.0180 0x0ca8 hpqcxs08 - ok
    12:16:00.0222 0x0ca8 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B, D3D1EA40833157386E83EAC3B730E043BE0ED831106972625E285263ADB968C3 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    12:16:00.0225 0x0ca8 hpqddsvc - ok
    12:16:00.0278 0x0ca8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    12:16:00.0319 0x0ca8 HpSAMD - ok
    12:16:00.0447 0x0ca8 [ 298A6890A7AC415DABB35047D168F13B, 6889A7DB3363194C36C2DF827AA6E5CED0ADB28275FF118C561D8477961C68BC ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    12:16:00.0461 0x0ca8 HPSLPSVC - ok
    12:16:00.0537 0x0ca8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    12:16:00.0589 0x0ca8 HTTP - ok
    12:16:00.0606 0x0ca8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    12:16:00.0625 0x0ca8 hwpolicy - ok
    12:16:00.0662 0x0ca8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    12:16:00.0665 0x0ca8 i8042prt - ok
    12:16:00.0710 0x0ca8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    12:16:00.0749 0x0ca8 iaStorV - ok
    12:16:00.0837 0x0ca8 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    12:16:00.0886 0x0ca8 idsvc - ok
    12:16:01.0031 0x0ca8 [ 348214F96642FD4FEF630DE021BA3540, B6A7D2EA41F6866F5AFF5022BB459E5AFF683FF2FF470B84F3E911C8AEC47C30 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    12:16:01.0155 0x0ca8 igfx - ok
    12:16:01.0187 0x0ca8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    12:16:01.0189 0x0ca8 iirsp - ok
    12:16:01.0256 0x0ca8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
    12:16:01.0294 0x0ca8 IKEEXT - ok
    12:16:01.0392 0x0ca8 [ 88798B4381FD58FAE2DA07880C177C5C, AA63C9E4DCCDF7810EFFEB82FFDEA9BD2E97A52574BC0B7802D3C4E6ADF500A0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    12:16:01.0466 0x0ca8 IntcAzAudAddService - ok
    12:16:01.0500 0x0ca8 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    12:16:01.0534 0x0ca8 IntcDAud - ok
    12:16:01.0577 0x0ca8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
    12:16:01.0579 0x0ca8 intelide - ok
    12:16:01.0610 0x0ca8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    12:16:01.0611 0x0ca8 intelppm - ok
    12:16:01.0660 0x0ca8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    12:16:01.0664 0x0ca8 IPBusEnum - ok
    12:16:01.0717 0x0ca8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:16:01.0753 0x0ca8 IpFilterDriver - ok
    12:16:01.0781 0x0ca8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    12:16:01.0809 0x0ca8 IPMIDRV - ok
    12:16:01.0819 0x0ca8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    12:16:01.0823 0x0ca8 IPNAT - ok
    12:16:01.0874 0x0ca8 [ 4EFFC8FF6D349E971E94B1C670C0C66A, E92DA19CE9725BB4CC34DF94873C6B441AE61679A8C615780E1A1E9404C8FA26 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    12:16:01.0883 0x0ca8 iPod Service - ok
    12:16:01.0933 0x0ca8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
    12:16:01.0935 0x0ca8 IRENUM - ok
    12:16:01.0961 0x0ca8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    12:16:01.0963 0x0ca8 isapnp - ok
    12:16:01.0991 0x0ca8 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    12:16:02.0042 0x0ca8 iScsiPrt - ok
    12:16:02.0051 0x0ca8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    12:16:02.0053 0x0ca8 kbdclass - ok
    12:16:02.0085 0x0ca8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    12:16:02.0113 0x0ca8 kbdhid - ok
    12:16:02.0131 0x0ca8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
    12:16:02.0132 0x0ca8 KeyIso - ok
    12:16:02.0175 0x0ca8 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    12:16:02.0197 0x0ca8 KSecDD - ok
    12:16:02.0223 0x0ca8 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    12:16:02.0255 0x0ca8 KSecPkg - ok
    12:16:02.0304 0x0ca8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    12:16:02.0306 0x0ca8 ksthunk - ok
    12:16:02.0342 0x0ca8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
    12:16:02.0352 0x0ca8 KtmRm - ok
    12:16:02.0387 0x0ca8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
    12:16:02.0412 0x0ca8 LanmanServer - ok
    12:16:02.0428 0x0ca8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    12:16:02.0468 0x0ca8 LanmanWorkstation - ok
    12:16:02.0526 0x0ca8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    12:16:02.0528 0x0ca8 lltdio - ok
    12:16:02.0564 0x0ca8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    12:16:02.0572 0x0ca8 lltdsvc - ok
    12:16:02.0605 0x0ca8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
    12:16:02.0607 0x0ca8 lmhosts - ok
    12:16:02.0679 0x0ca8 [ 50C7CE53EF461870410355F1F2E7D515, D6E84C63D74E4603D37FD7CC88BF51DE23CD17DB1D1AD4ADBED62F949F3C470C ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    12:16:02.0684 0x0ca8 LMS - ok
    12:16:02.0715 0x0ca8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    12:16:02.0719 0x0ca8 LSI_FC - ok
    12:16:02.0745 0x0ca8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    12:16:02.0749 0x0ca8 LSI_SAS - ok
    12:16:02.0802 0x0ca8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    12:16:02.0804 0x0ca8 LSI_SAS2 - ok
    12:16:02.0835 0x0ca8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    12:16:02.0839 0x0ca8 LSI_SCSI - ok
    12:16:02.0853 0x0ca8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
    12:16:02.0856 0x0ca8 luafv - ok
    12:16:02.0976 0x0ca8 [ 4F2D526298CBC517EDB82501E8041112, 1ACF383235FBC3500B50859A31AD39D5FDF4579F98631EE74AE96E38697D0D3B ] McAfee SiteAdvisor Enterprise Service C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
    12:16:03.0019 0x0ca8 McAfee SiteAdvisor Enterprise Service - ok
    12:16:03.0089 0x0ca8 [ 3EF9511390F9106DD8CF0747BAEB335C, 5D3007EEC615B1D66B71A5160346BD70FA464D51BE90E7A03786582BF7521631 ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    12:16:03.0091 0x0ca8 McAfeeFramework - ok
    12:16:03.0185 0x0ca8 [ 01408F1985BD65D0EFDCBFA02D4EDEF7, DD4F437465B6412DDE370BB2D59BEFC10EECB4DC41ECEF23F0FE749ADCF21D45 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    12:16:03.0230 0x0ca8 McShield - ok
    12:16:03.0285 0x0ca8 [ 462EB5733C52471DB574727B5D1F77E4, 6D3310DC667F6480B2496B27188E69834E467FCC025B2DE6BB550B1B76D77EF1 ] McTaskManager C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
    12:16:03.0325 0x0ca8 McTaskManager - ok
    12:16:03.0346 0x0ca8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    12:16:03.0368 0x0ca8 Mcx2Svc - ok
    12:16:03.0388 0x0ca8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
    12:16:03.0390 0x0ca8 megasas - ok
    12:16:03.0408 0x0ca8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    12:16:03.0416 0x0ca8 MegaSR - ok
    12:16:03.0432 0x0ca8 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
    12:16:03.0472 0x0ca8 MEIx64 - ok
    12:16:03.0494 0x0ca8 [ 581AFAFA23A61CE6C4D96EFB2A28DE8C, DAAB3F2E4249B8F6A0119A31F893ECD86FA23EFC3038022FBECDEAD5C071AA70 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
    12:16:03.0497 0x0ca8 mfeapfk - ok
    12:16:03.0510 0x0ca8 [ DCC7ACD0A249B0952A7C73BA85CF5DC4, 88624F86EC3D55F110055F77CEE1790090D0A1C75234578CD898C48A0ACB9554 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
    12:16:03.0545 0x0ca8 mfeavfk - ok
    12:16:03.0568 0x0ca8 mfeavfk01 - ok
    12:16:03.0593 0x0ca8 [ EA535633E48683F1E35AF86A921E74EA, B47DF475A1A8CBE4B6E272FF87AB7C90B1DADFCCFE1B0F6F085B73D6D2ECF250 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    12:16:03.0625 0x0ca8 mfefire - ok
    12:16:03.0654 0x0ca8 [ DF470D7B1F7E17998C352F8215AF2C37, C294DE8BD9B7CE312BE172D20B4C9857FE9319C83811720C842DE2CF0BB792F8 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
    12:16:03.0691 0x0ca8 mfefirek - ok
    12:16:03.0724 0x0ca8 [ 3EF12141921EDEC8D83C644759AD7F00, DBFCBAEDDBAD9DC12B9202CE12F7A4798EFB6F2ED3F00395604D8E0FAB5075B1 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
    12:16:03.0776 0x0ca8 mfehidk - ok
    12:16:03.0798 0x0ca8 [ C18DDD3B83E941571634DB0D82A70023, FF1B64A8FC8CE8FB9322A1561EFF15FE33734D6DC6DF9D10CA11A6AB6548C5D2 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
    12:16:03.0826 0x0ca8 mfenlfk - ok
    12:16:03.0868 0x0ca8 [ 92FD2EB7C52B4A8504BCE111F5810B55, C1FCC26A42C46EE38406C5BAF2B0E33263AD5171E6285B40B4AE3C3CB4C787B7 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
    12:16:03.0899 0x0ca8 mferkdet - ok
    12:16:03.0920 0x0ca8 [ C05AEF314C65C435BD25FF99AC5DA8CC, 46FBD7DAEF87F7690BDDCF3B5152B5D42F138DA67EAEE9089C6629E28B0D9512 ] mfevtp C:\Windows\system32\mfevtps.exe
    12:16:03.0953 0x0ca8 mfevtp - ok
    12:16:03.0981 0x0ca8 [ 173751FF26D45B462D0D27E1561912C2, D9C0545C350803A7DCC53DA9363742E6C8E61910BEE7912F12B967F9B094A723 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
    12:16:04.0029 0x0ca8 mfewfpk - ok
    12:16:04.0089 0x0ca8 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    12:16:04.0124 0x0ca8 Microsoft Office Groove Audit Service - ok
    12:16:04.0146 0x0ca8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
    12:16:04.0148 0x0ca8 MMCSS - ok
    12:16:04.0166 0x0ca8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
    12:16:04.0169 0x0ca8 Modem - ok
    12:16:04.0205 0x0ca8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    12:16:04.0205 0x0ca8 monitor - ok
    12:16:04.0233 0x0ca8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    12:16:04.0235 0x0ca8 mouclass - ok
    12:16:04.0268 0x0ca8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    12:16:04.0270 0x0ca8 mouhid - ok
    12:16:04.0292 0x0ca8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    12:16:04.0334 0x0ca8 mountmgr - ok
    12:16:04.0347 0x0ca8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
    12:16:04.0380 0x0ca8 mpio - ok
    12:16:04.0411 0x0ca8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    12:16:04.0414 0x0ca8 mpsdrv - ok
    12:16:04.0461 0x0ca8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    12:16:04.0496 0x0ca8 MRxDAV - ok
    12:16:04.0520 0x0ca8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:16:04.0563 0x0ca8 mrxsmb - ok
    12:16:04.0577 0x0ca8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:16:04.0611 0x0ca8 mrxsmb10 - ok
    12:16:04.0629 0x0ca8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:16:04.0659 0x0ca8 mrxsmb20 - ok
    12:16:04.0678 0x0ca8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
    12:16:04.0722 0x0ca8 msahci - ok
    12:16:04.0740 0x0ca8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    12:16:04.0791 0x0ca8 msdsm - ok
    12:16:04.0810 0x0ca8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
    12:16:04.0815 0x0ca8 MSDTC - ok
    12:16:04.0837 0x0ca8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    12:16:04.0838 0x0ca8 Msfs - ok
    12:16:04.0889 0x0ca8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    12:16:04.0891 0x0ca8 mshidkmdf - ok
    12:16:04.0898 0x0ca8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    12:16:04.0900 0x0ca8 msisadrv - ok
    12:16:04.0952 0x0ca8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    12:16:04.0957 0x0ca8 MSiSCSI - ok
    12:16:04.0959 0x0ca8 msiserver - ok
    12:16:04.0976 0x0ca8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    12:16:04.0978 0x0ca8 MSKSSRV - ok
    12:16:04.0994 0x0ca8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    12:16:04.0995 0x0ca8 MSPCLOCK - ok
    12:16:05.0005 0x0ca8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    12:16:05.0006 0x0ca8 MSPQM - ok
    12:16:05.0023 0x0ca8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    12:16:05.0049 0x0ca8 MsRPC - ok
    12:16:05.0077 0x0ca8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    12:16:05.0078 0x0ca8 mssmbios - ok
    12:16:05.0092 0x0ca8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    12:16:05.0094 0x0ca8 MSTEE - ok
    12:16:05.0101 0x0ca8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    12:16:05.0103 0x0ca8 MTConfig - ok
    12:16:05.0122 0x0ca8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
    12:16:05.0125 0x0ca8 Mup - ok
    12:16:05.0162 0x0ca8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
    12:16:05.0193 0x0ca8 napagent - ok
    12:16:05.0218 0x0ca8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    12:16:05.0226 0x0ca8 NativeWifiP - ok
    12:16:05.0275 0x0ca8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
    12:16:05.0289 0x0ca8 NDIS - ok
    12:16:05.0320 0x0ca8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    12:16:05.0322 0x0ca8 NdisCap - ok
    12:16:05.0334 0x0ca8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    12:16:05.0336 0x0ca8 NdisTapi - ok
    12:16:05.0350 0x0ca8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    12:16:05.0378 0x0ca8 Ndisuio - ok
    12:16:05.0391 0x0ca8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    12:16:05.0428 0x0ca8 NdisWan - ok
    12:16:05.0436 0x0ca8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    12:16:05.0464 0x0ca8 NDProxy - ok
    12:16:05.0527 0x0ca8 [ A35AE9B54B4C854E4B90940EF7FC0864, B567D7A0571E5CCA0D47A1F316B682C1B5BDA93BB3EE8889FBC90969F2513A8D ] NEOFLTR_720_21697 C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS
    12:16:05.0529 0x0ca8 NEOFLTR_720_21697 - ok
    12:16:05.0558 0x0ca8 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    12:16:05.0594 0x0ca8 Net Driver HPZ12 - ok
    12:16:05.0612 0x0ca8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    12:16:05.0615 0x0ca8 NetBIOS - ok
    12:16:05.0656 0x0ca8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    12:16:05.0708 0x0ca8 NetBT - ok
    12:16:05.0719 0x0ca8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
    12:16:05.0720 0x0ca8 Netlogon - ok
    12:16:05.0752 0x0ca8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
    12:16:05.0758 0x0ca8 Netman - ok
    12:16:05.0769 0x0ca8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
    12:16:05.0777 0x0ca8 netprofm - ok
    12:16:05.0846 0x0ca8 [ F1814E62EB6E50472AFC9903525ECEC1, 36C705AD754225B64506A852C90D3D9BB329969780B9879FDAB98DE903E3EBC5 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
    12:16:05.0896 0x0ca8 netr28x - ok
    12:16:05.0930 0x0ca8 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    12:16:05.0934 0x0ca8 NetTcpPortSharing - ok
    12:16:05.0965 0x0ca8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    12:16:05.0968 0x0ca8 nfrd960 - ok
    12:16:06.0015 0x0ca8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
    12:16:06.0020 0x0ca8 NlaSvc - ok
    12:16:06.0031 0x0ca8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    12:16:06.0033 0x0ca8 Npfs - ok
    12:16:06.0050 0x0ca8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
    12:16:06.0053 0x0ca8 nsi - ok
    12:16:06.0082 0x0ca8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    12:16:06.0084 0x0ca8 nsiproxy - ok
    12:16:06.0137 0x0ca8 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    12:16:06.0193 0x0ca8 Ntfs - ok
    12:16:06.0212 0x0ca8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
    12:16:06.0214 0x0ca8 Null - ok
    12:16:06.0248 0x0ca8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    12:16:06.0298 0x0ca8 nvraid - ok
    12:16:06.0316 0x0ca8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    12:16:06.0360 0x0ca8 nvstor - ok
    12:16:06.0384 0x0ca8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    12:16:06.0388 0x0ca8 nv_agp - ok
    12:16:06.0487 0x0ca8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    12:16:06.0531 0x0ca8 odserv - ok
    12:16:06.0551 0x0ca8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    12:16:06.0554 0x0ca8 ohci1394 - ok
    12:16:06.0622 0x0ca8 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    12:16:06.0656 0x0ca8 ose - ok
    12:16:06.0690 0x0ca8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    12:16:06.0696 0x0ca8 p2pimsvc - ok
    12:16:06.0737 0x0ca8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
    12:16:06.0750 0x0ca8 p2psvc - ok
    12:16:06.0763 0x0ca8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
    12:16:06.0767 0x0ca8 Parport - ok
    12:16:06.0791 0x0ca8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    12:16:06.0821 0x0ca8 partmgr - ok
    12:16:06.0838 0x0ca8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
    12:16:06.0845 0x0ca8 PcaSvc - ok
    12:16:06.0850 0x0ca8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
    12:16:06.0884 0x0ca8 pci - ok
    12:16:06.0914 0x0ca8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
    12:16:06.0915 0x0ca8 pciide - ok
    12:16:07.0007 0x0ca8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    12:16:07.0122 0x0ca8 pcmcia - ok
    12:16:07.0147 0x0ca8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
    12:16:07.0149 0x0ca8 pcw - ok
    12:16:07.0171 0x0ca8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    12:16:07.0187 0x0ca8 PEAUTH - ok
    12:16:07.0245 0x0ca8 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    12:16:07.0265 0x0ca8 PeerDistSvc - ok
    12:16:07.0352 0x0ca8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
    12:16:07.0354 0x0ca8 PerfHost - ok
    12:16:07.0405 0x0ca8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
    12:16:07.0453 0x0ca8 pla - ok
    12:16:07.0516 0x0ca8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    12:16:07.0550 0x0ca8 PlugPlay - ok
    12:16:07.0584 0x0ca8 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    12:16:07.0605 0x0ca8 Pml Driver HPZ12 - ok
    12:16:07.0627 0x0ca8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    12:16:07.0629 0x0ca8 PNRPAutoReg - ok
    12:16:07.0638 0x0ca8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    12:16:07.0644 0x0ca8 PNRPsvc - ok
    12:16:07.0688 0x0ca8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    12:16:07.0731 0x0ca8 PolicyAgent - ok
    12:16:07.0764 0x0ca8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
    12:16:07.0767 0x0ca8 Power - ok
    12:16:07.0821 0x0ca8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    12:16:07.0849 0x0ca8 PptpMiniport - ok
    12:16:07.0863 0x0ca8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
    12:16:07.0866 0x0ca8 Processor - ok
    12:16:07.0889 0x0ca8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
    12:16:07.0912 0x0ca8 ProfSvc - ok
    12:16:07.0926 0x0ca8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
    12:16:07.0928 0x0ca8 ProtectedStorage - ok
    12:16:07.0961 0x0ca8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    12:16:07.0964 0x0ca8 Psched - ok
    12:16:08.0045 0x0ca8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    12:16:08.0078 0x0ca8 ql2300 - ok
    12:16:08.0137 0x0ca8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    12:16:08.0157 0x0ca8 ql40xx - ok
    12:16:08.0181 0x0ca8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
    12:16:08.0188 0x0ca8 QWAVE - ok
    12:16:08.0192 0x0ca8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    12:16:08.0194 0x0ca8 QWAVEdrv - ok
    12:16:08.0206 0x0ca8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    12:16:08.0208 0x0ca8 RasAcd - ok
    12:16:08.0252 0x0ca8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    12:16:08.0255 0x0ca8 RasAgileVpn - ok
    12:16:08.0272 0x0ca8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
    12:16:08.0277 0x0ca8 RasAuto - ok
    12:16:08.0286 0x0ca8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:16:08.0315 0x0ca8 Rasl2tp - ok
    12:16:08.0334 0x0ca8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
    12:16:08.0361 0x0ca8 RasMan - ok
    12:16:08.0375 0x0ca8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    12:16:08.0378 0x0ca8 RasPppoe - ok
    12:16:08.0391 0x0ca8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    12:16:08.0395 0x0ca8 RasSstp - ok
    12:16:08.0415 0x0ca8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    12:16:08.0455 0x0ca8 rdbss - ok
    12:16:08.0467 0x0ca8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    12:16:08.0469 0x0ca8 rdpbus - ok
    12:16:08.0479 0x0ca8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:16:08.0480 0x0ca8 RDPCDD - ok
    12:16:08.0511 0x0ca8 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    12:16:08.0542 0x0ca8 RDPDR - ok
    12:16:08.0544 0x0ca8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    12:16:08.0546 0x0ca8 RDPENCDD - ok
    12:16:08.0560 0x0ca8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    12:16:08.0561 0x0ca8 RDPREFMP - ok
    12:16:08.0609 0x0ca8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    12:16:08.0651 0x0ca8 RdpVideoMiniport - ok
    12:16:08.0685 0x0ca8 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    12:16:08.0716 0x0ca8 RDPWD - ok
    12:16:08.0732 0x0ca8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    12:16:08.0767 0x0ca8 rdyboost - ok
    12:16:08.0805 0x0ca8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
    12:16:08.0825 0x0ca8 RemoteAccess - ok
    12:16:08.0884 0x0ca8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    12:16:08.0889 0x0ca8 RemoteRegistry - ok
    12:16:08.0904 0x0ca8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    12:16:08.0907 0x0ca8 RpcEptMapper - ok
    12:16:08.0923 0x0ca8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
    12:16:08.0925 0x0ca8 RpcLocator - ok
    12:16:08.0948 0x0ca8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
    12:16:08.0957 0x0ca8 RpcSs - ok
    12:16:08.0979 0x0ca8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    12:16:08.0982 0x0ca8 rspndr - ok
    12:16:09.0032 0x0ca8 [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    12:16:09.0082 0x0ca8 RTL8167 - ok
    12:16:09.0107 0x0ca8 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    12:16:09.0163 0x0ca8 s3cap - ok
    12:16:09.0185 0x0ca8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
    12:16:09.0186 0x0ca8 SamSs - ok
    12:16:09.0234 0x0ca8 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    12:16:09.0235 0x0ca8 SASDIFSV - ok
    12:16:09.0275 0x0ca8 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    12:16:09.0275 0x0ca8 SASKUTIL - ok
    12:16:09.0299 0x0ca8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    12:16:09.0341 0x0ca8 sbp2port - ok
    12:16:09.0418 0x0ca8 SBRE - ok
    12:16:09.0449 0x0ca8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    12:16:09.0470 0x0ca8 SCardSvr - ok
    12:16:09.0489 0x0ca8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    12:16:09.0552 0x0ca8 scfilter - ok
    12:16:09.0609 0x0ca8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
    12:16:09.0626 0x0ca8 Schedule - ok
    12:16:09.0700 0x0ca8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
    12:16:09.0702 0x0ca8 SCPolicySvc - ok
    12:16:09.0730 0x0ca8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    12:16:09.0753 0x0ca8 SDRSVC - ok
    12:16:09.0780 0x0ca8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
    12:16:09.0782 0x0ca8 secdrv - ok
    12:16:09.0819 0x0ca8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
    12:16:09.0839 0x0ca8 seclogon - ok
    12:16:09.0854 0x0ca8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
    12:16:09.0856 0x0ca8 SENS - ok
    12:16:09.0875 0x0ca8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
    12:16:09.0878 0x0ca8 SensrSvc - ok
    12:16:09.0881 0x0ca8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
    12:16:09.0882 0x0ca8 Serenum - ok
    12:16:09.0932 0x0ca8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
    12:16:09.0935 0x0ca8 Serial - ok
    12:16:09.0958 0x0ca8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
    12:16:09.0960 0x0ca8 sermouse - ok
    12:16:09.0978 0x0ca8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
    12:16:10.0001 0x0ca8 SessionEnv - ok
    12:16:10.0018 0x0ca8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    12:16:10.0019 0x0ca8 sffdisk - ok
    12:16:10.0045 0x0ca8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    12:16:10.0047 0x0ca8 sffp_mmc - ok
    12:16:10.0079 0x0ca8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    12:16:10.0107 0x0ca8 sffp_sd - ok
    12:16:10.0122 0x0ca8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    12:16:10.0123 0x0ca8 sfloppy - ok
    12:16:10.0149 0x0ca8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    12:16:10.0205 0x0ca8 ShellHWDetection - ok
    12:16:10.0233 0x0ca8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    12:16:10.0235 0x0ca8 SiSRaid2 - ok
    12:16:10.0245 0x0ca8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    12:16:10.0248 0x0ca8 SiSRaid4 - ok
    12:16:10.0274 0x0ca8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    12:16:10.0277 0x0ca8 Smb - ok
    12:16:10.0329 0x0ca8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    12:16:10.0331 0x0ca8 SNMPTRAP - ok
    12:16:10.0337 0x0ca8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
    12:16:10.0338 0x0ca8 spldr - ok
    12:16:10.0384 0x0ca8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
    12:16:10.0422 0x0ca8 Spooler - ok
    12:16:10.0544 0x0ca8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
    12:16:10.0597 0x0ca8 sppsvc - ok
    12:16:10.0613 0x0ca8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    12:16:10.0617 0x0ca8 sppuinotify - ok
    12:16:10.0669 0x0ca8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
    12:16:10.0707 0x0ca8 srv - ok
    12:16:10.0730 0x0ca8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    12:16:10.0767 0x0ca8 srv2 - ok
    12:16:10.0782 0x0ca8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    12:16:10.0825 0x0ca8 srvnet - ok
    12:16:10.0843 0x0ca8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    12:16:10.0847 0x0ca8 SSDPSRV - ok
    12:16:10.0865 0x0ca8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
    12:16:10.0884 0x0ca8 SstpSvc - ok
    12:16:10.0895 0x0ca8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
    12:16:10.0898 0x0ca8 stexstor - ok
    12:16:10.0969 0x0ca8 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\drivers\serscan.sys
    12:16:10.0971 0x0ca8 StillCam - ok
    12:16:11.0013 0x0ca8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
    12:16:11.0067 0x0ca8 stisvc - ok
    12:16:11.0088 0x0ca8 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    12:16:11.0135 0x0ca8 storflt - ok
    12:16:11.0191 0x0ca8 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
    12:16:11.0194 0x0ca8 StorSvc - ok
    12:16:11.0224 0x0ca8 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
    12:16:11.0254 0x0ca8 storvsc - ok
    12:16:11.0291 0x0ca8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
    12:16:11.0292 0x0ca8 swenum - ok
    12:16:11.0342 0x0ca8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
    12:16:11.0356 0x0ca8 swprv - ok
    12:16:11.0411 0x0ca8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
    12:16:11.0438 0x0ca8 SysMain - ok
    12:16:11.0455 0x0ca8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
    12:16:11.0477 0x0ca8 TabletInputService - ok
    12:16:11.0494 0x0ca8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
    12:16:11.0521 0x0ca8 TapiSrv - ok
    12:16:11.0533 0x0ca8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
    12:16:11.0535 0x0ca8 TBS - ok
    12:16:11.0567 0x0ca8 [ 52CB368599B9C857B308A52F080786BB, FDDEC8B4F4273FA7C6820E0092107FA5879512BDDA5D88712CB2B63CF9A1613F ] tbwkern C:\Windows\system32\DRIVERS\tbwkern.sys
    12:16:11.0597 0x0ca8 tbwkern - ok
    12:16:11.0684 0x0ca8 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    12:16:11.0749 0x0ca8 Tcpip - ok
    12:16:11.0800 0x0ca8 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    12:16:11.0828 0x0ca8 TCPIP6 - ok
    12:16:11.0859 0x0ca8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    12:16:11.0896 0x0ca8 tcpipreg - ok
    12:16:11.0908 0x0ca8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    12:16:11.0909 0x0ca8 TDPIPE - ok
    12:16:11.0951 0x0ca8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    12:16:11.0979 0x0ca8 TDTCP - ok
    12:16:11.0994 0x0ca8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    12:16:12.0023 0x0ca8 tdx - ok
    12:16:12.0322 0x0ca8 [ F67C21CC4195F6AFC447418FE163E156, 01D245952C1AF2B365DBA6C36AFE0FFB2332480B6A1D7D4B43A0DE4FB7535B0B ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    12:16:12.0444 0x0ca8 TeamViewer8 - ok
    12:16:12.0464 0x0ca8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
    12:16:12.0494 0x0ca8 TermDD - ok
    12:16:12.0517 0x0ca8 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
    12:16:12.0552 0x0ca8 TermService - ok
    12:16:12.0568 0x0ca8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
    12:16:12.0571 0x0ca8 Themes - ok
    12:16:12.0580 0x0ca8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
    12:16:12.0582 0x0ca8 THREADORDER - ok
    12:16:12.0631 0x0ca8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
    12:16:12.0635 0x0ca8 TrkWks - ok
    12:16:12.0674 0x0ca8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    12:16:12.0712 0x0ca8 TrustedInstaller - ok
    12:16:12.0766 0x0ca8 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:16:12.0794 0x0ca8 tssecsrv - ok
    12:16:12.0828 0x0ca8 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    12:16:12.0857 0x0ca8 TsUsbFlt - ok
    12:16:12.0875 0x0ca8 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    12:16:12.0903 0x0ca8 TsUsbGD - ok
    12:16:12.0931 0x0ca8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    12:16:12.0961 0x0ca8 tunnel - ok
    12:16:12.0993 0x0ca8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    12:16:12.0995 0x0ca8 uagp35 - ok
    12:16:13.0016 0x0ca8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    12:16:13.0050 0x0ca8 udfs - ok
    12:16:13.0068 0x0ca8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
    12:16:13.0071 0x0ca8 UI0Detect - ok
    12:16:13.0085 0x0ca8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    12:16:13.0088 0x0ca8 uliagpkx - ok
    12:16:13.0119 0x0ca8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    12:16:13.0147 0x0ca8 umbus - ok
    12:16:13.0177 0x0ca8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
    12:16:13.0179 0x0ca8 UmPass - ok
    12:16:13.0204 0x0ca8 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
    12:16:13.0234 0x0ca8 UmRdpService - ok
    12:16:13.0399 0x0ca8 [ 374EBDA379A8F38E0CFC2211611E7167, 0D6C3002B28E27C052227488CEE69FA99399421FF777EB48031E6080A759F532 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    12:16:13.0439 0x0ca8 UNS - ok
    12:16:13.0469 0x0ca8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
    12:16:13.0475 0x0ca8 upnphost - ok
    12:16:13.0502 0x0ca8 [ ACCEA6BC68D0C9A78EB97EE159028B4E, 132F7A543C1DA9456FBABA50552B37E3162ACA612A8567BB3FF0F7DA84231419 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
    12:16:13.0547 0x0ca8 usbccgp - ok
    12:16:13.0576 0x0ca8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
    12:16:13.0621 0x0ca8 usbcir - ok
    12:16:13.0648 0x0ca8 [ 311C1DD1088E55BEAE15954D17F50646, A663344ABD1414D570617F59CC00020640F31DB34265142EFCA8817328DB842A ] usbehci C:\Windows\system32\drivers\usbehci.sys
    12:16:13.0685 0x0ca8 usbehci - ok
    12:16:13.0711 0x0ca8 [ 280E90CBF4B2DDD169F0728CB44D726F, 2B39666C022A4F7338BDDB4CB0D7B4D0CC6B398298D29E38826F27FADF4C29DD ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    12:16:13.0754 0x0ca8 usbhub - ok
    12:16:13.0774 0x0ca8 [ 9406D801042FAF859CF81B2C886413DC, D16536EC05260D7A2902314E1AA5E5F73533483B9967739C381FD41B6192B92F ] usbohci C:\Windows\system32\drivers\usbohci.sys
    12:16:13.0802 0x0ca8 usbohci - ok
    12:16:13.0842 0x0ca8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    12:16:13.0844 0x0ca8 usbprint - ok
    12:16:13.0848 0x0ca8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:16:13.0888 0x0ca8 USBSTOR - ok
    12:16:13.0908 0x0ca8 [ A83D0EC9AE4C31704442099D40BA2471, A29D714FCDF10DF7A2A17D54B131AEFDA61AED988CF8B99C7B30728C50130DCE ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    12:16:13.0953 0x0ca8 usbuhci - ok
    12:16:13.0966 0x0ca8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
    12:16:13.0970 0x0ca8 UxSms - ok
    12:16:13.0986 0x0ca8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
    12:16:13.0988 0x0ca8 VaultSvc - ok
    12:16:14.0014 0x0ca8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    12:16:14.0016 0x0ca8 vdrvroot - ok
    12:16:14.0053 0x0ca8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
    12:16:14.0093 0x0ca8 vds - ok
    12:16:14.0121 0x0ca8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    12:16:14.0141 0x0ca8 vga - ok
    12:16:14.0160 0x0ca8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
    12:16:14.0162 0x0ca8 VgaSave - ok
    12:16:14.0246 0x0ca8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    12:16:14.0305 0x0ca8 vhdmp - ok
    12:16:14.0327 0x0ca8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
    12:16:14.0329 0x0ca8 viaide - ok
    12:16:14.0354 0x0ca8 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
    12:16:14.0387 0x0ca8 vmbus - ok
    12:16:14.0429 0x0ca8 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    12:16:14.0457 0x0ca8 VMBusHID - ok
    12:16:14.0472 0x0ca8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    12:16:14.0503 0x0ca8 volmgr - ok
    12:16:14.0517 0x0ca8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    12:16:14.0569 0x0ca8 volmgrx - ok
    12:16:14.0602 0x0ca8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
    12:16:14.0644 0x0ca8 volsnap - ok
    12:16:14.0692 0x0ca8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    12:16:14.0697 0x0ca8 vsmraid - ok
    12:16:14.0773 0x0ca8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
    12:16:14.0849 0x0ca8 VSS - ok
    12:16:14.0860 0x0ca8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    12:16:14.0862 0x0ca8 vwifibus - ok
    12:16:14.0873 0x0ca8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    12:16:14.0892 0x0ca8 vwififlt - ok
    12:16:14.0912 0x0ca8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
    12:16:14.0919 0x0ca8 W32Time - ok
    12:16:14.0948 0x0ca8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    12:16:14.0950 0x0ca8 WacomPen - ok
    12:16:14.0976 0x0ca8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    12:16:15.0004 0x0ca8 WANARP - ok
    12:16:15.0008 0x0ca8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    12:16:15.0010 0x0ca8 Wanarpv6 - ok
    12:16:15.0148 0x0ca8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    12:16:15.0227 0x0ca8 WatAdminSvc - ok
    12:16:15.0272 0x0ca8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
    12:16:15.0361 0x0ca8 wbengine - ok
    12:16:15.0385 0x0ca8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    12:16:15.0392 0x0ca8 WbioSrvc - ok
    12:16:15.0425 0x0ca8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    12:16:15.0453 0x0ca8 wcncsvc - ok
    12:16:15.0461 0x0ca8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    12:16:15.0481 0x0ca8 WcsPlugInService - ok
    12:16:15.0507 0x0ca8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
    12:16:15.0509 0x0ca8 Wd - ok
    12:16:15.0563 0x0ca8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    12:16:15.0625 0x0ca8 Wdf01000 - ok
    12:16:15.0665 0x0ca8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
    12:16:15.0669 0x0ca8 WdiServiceHost - ok
    12:16:15.0673 0x0ca8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
    12:16:15.0675 0x0ca8 WdiSystemHost - ok
    12:16:15.0724 0x0ca8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
    12:16:15.0763 0x0ca8 WebClient - ok
    12:16:15.0781 0x0ca8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
    12:16:15.0789 0x0ca8 Wecsvc - ok
    12:16:15.0806 0x0ca8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    12:16:15.0809 0x0ca8 wercplsupport - ok
    12:16:15.0834 0x0ca8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
    12:16:15.0838 0x0ca8 WerSvc - ok
    12:16:15.0848 0x0ca8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    12:16:15.0850 0x0ca8 WfpLwf - ok
    12:16:15.0868 0x0ca8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    12:16:15.0870 0x0ca8 WIMMount - ok
    12:16:15.0880 0x0ca8 WinHttpAutoProxySvc - ok
    12:16:15.0987 0x0ca8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    12:16:15.0994 0x0ca8 Winmgmt - ok
    12:16:16.0107 0x0ca8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
    12:16:16.0198 0x0ca8 WinRM - ok
    12:16:16.0335 0x0ca8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    12:16:16.0393 0x0ca8 WinUsb - ok
    12:16:16.0425 0x0ca8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
    12:16:16.0448 0x0ca8 Wlansvc - ok
    12:16:16.0560 0x0ca8 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    12:16:16.0607 0x0ca8 wlcrasvc - ok
    12:16:16.0750 0x0ca8 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    12:16:16.0834 0x0ca8 wlidsvc - ok
    12:16:16.0846 0x0ca8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    12:16:16.0848 0x0ca8 WmiAcpi - ok
    12:16:16.0885 0x0ca8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    12:16:16.0892 0x0ca8 wmiApSrv - ok
    12:16:16.0931 0x0ca8 WMPNetworkSvc - ok
    12:16:16.0948 0x0ca8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    12:16:16.0951 0x0ca8 WPCSvc - ok
    12:16:16.0963 0x0ca8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    12:16:16.0985 0x0ca8 WPDBusEnum - ok
    12:16:16.0998 0x0ca8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    12:16:17.0000 0x0ca8 ws2ifsl - ok
    12:16:17.0003 0x0ca8 WSearch - ok
    12:16:17.0079 0x0ca8 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
    12:16:17.0149 0x0ca8 wuauserv - ok
    12:16:17.0175 0x0ca8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    12:16:17.0204 0x0ca8 WudfPf - ok
    12:16:17.0255 0x0ca8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:16:17.0286 0x0ca8 WUDFRd - ok
    12:16:17.0321 0x0ca8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    12:16:17.0355 0x0ca8 wudfsvc - ok
    12:16:17.0387 0x0ca8 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
    12:16:17.0412 0x0ca8 WwanSvc - ok
    12:16:17.0424 0x0ca8 ================ Scan global ===============================
    12:16:17.0450 0x0ca8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    12:16:17.0520 0x0ca8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    12:16:17.0566 0x0ca8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
    12:16:17.0620 0x0ca8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    12:16:17.0666 0x0ca8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    12:16:17.0672 0x0ca8 [ Global ] - ok
    12:16:17.0672 0x0ca8 ================ Scan MBR ==================================
    12:16:17.0693 0x0ca8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    12:16:18.0000 0x0ca8 \Device\Harddisk0\DR0 - ok
    12:16:18.0001 0x0ca8 ================ Scan VBR ==================================
    12:16:18.0002 0x0ca8 [ 7657EB493C782ECCF13703BE83DF0527 ] \Device\Harddisk0\DR0\Partition1
    12:16:18.0003 0x0ca8 \Device\Harddisk0\DR0\Partition1 - ok
    12:16:18.0030 0x0ca8 [ D05FF0D8B3A6F78D81942C81CB76DC1A ] \Device\Harddisk0\DR0\Partition2
    12:16:18.0032 0x0ca8 \Device\Harddisk0\DR0\Partition2 - ok
    12:16:18.0032 0x0ca8 Waiting for KSN requests completion. In queue: 65
    12:16:19.0032 0x0ca8 Waiting for KSN requests completion. In queue: 65
    12:16:20.0032 0x0ca8 Waiting for KSN requests completion. In queue: 65
    12:16:21.0066 0x0ca8 AV detected via SS2: McAfee VirusScan Enterprise, "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /!REMEDIATE ( ), 0x41000 ( enabled : updated )
    12:16:21.0067 0x0ca8 FW detected via SS2: McAfee Host Intrusion Prevention Firewall, ( ), 0x41010 ( enabled )
    12:16:23.0559 0x0ca8 ============================================================
    12:16:23.0559 0x0ca8 Scan finished
    12:16:23.0559 0x0ca8 ============================================================
    12:16:23.0564 0x0b6c Detected object count: 0
    12:16:23.0564 0x0b6c Actual detected object count: 0


    ComboFix 13-12-18.01 - GESWEIN03 12/19/13 12:52:25.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8136.6608 [GMT -5:00]
    Running from: c:\users\GESWEIN03\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\_ctypes.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\_elementtree.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\_hashlib.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\_multiprocessing.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\_socket.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\_ssl.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\pyexpat.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\pysqlite2._sqlite.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\python27.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\pythoncom27.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\PyWinTypes27.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\select.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\unicodedata.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32api.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32com.shell.shell.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32crypt.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32event.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32file.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32inet.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32pdh.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32pipe.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32process.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32profile.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32security.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\win32ts.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\windows._lib_cacheinvalidation.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wx._controls_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wx._core_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wx._gdi_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wx._html2.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wx._misc_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wx._windows_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wx._wizard.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wxbase294u_net_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wxbase294u_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wxmsw294u_adv_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wxmsw294u_core_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wxmsw294u_html_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI29682\wxmsw294u_webview_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\_ctypes.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\_elementtree.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\_hashlib.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\_multiprocessing.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\_socket.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\_ssl.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\pyexpat.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\pysqlite2._sqlite.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\python27.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\pythoncom27.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\PyWinTypes27.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\select.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\unicodedata.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32api.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32com.shell.shell.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32crypt.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32event.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32file.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32inet.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32pdh.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32pipe.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32process.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32profile.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32security.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\win32ts.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\windows._lib_cacheinvalidation.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wx._controls_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wx._core_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wx._gdi_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wx._html2.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wx._misc_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wx._windows_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wx._wizard.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wxbase294u_net_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wxbase294u_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wxmsw294u_adv_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wxmsw294u_core_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wxmsw294u_html_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI29682\wxmsw294u_webview_vc90.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-19 to 2013-12-19 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-19 17:57 . 2013-12-19 17:57 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-12-19 17:57 . 2013-12-19 17:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-18 14:16 . 2013-12-19 14:17 -------- d-----w- C:\FRST
    2013-12-16 20:01 . 2013-12-16 20:34 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-12-16 20:00 . 2013-12-16 20:00 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-12-12 08:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2013-12-12 08:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2013-12-12 08:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2013-12-12 08:04 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2013-12-12 08:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
    2013-12-11 11:37 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
    2013-12-11 11:37 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
    2013-12-11 11:37 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
    2013-12-10 18:48 . 2013-12-10 18:48 209192 ----a-w- c:\windows\SysWow64\atsckernel.exe
    2013-12-10 18:48 . 2013-12-10 18:48 117544 ----a-w- c:\windows\SysWow64\atashost.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-16 14:38 . 2012-09-20 16:43 104280 ----a-w- c:\users\GESWEIN03\GoToAssistDownloadHelper.exe
    2013-12-10 23:10 . 2012-04-11 14:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-10 23:10 . 2012-01-18 15:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-11-16 08:01 . 2012-01-18 22:12 82896128 ----a-w- c:\windows\system32\MRT.exe
    2013-10-12 02:30 . 2013-11-15 18:59 830464 ----a-w- c:\windows\system32\nshwfp.dll
    2013-10-12 02:29 . 2013-11-15 18:59 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:29 . 2013-11-15 18:59 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-12 02:03 . 2013-11-15 18:59 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
    2013-10-12 02:01 . 2013-11-15 18:59 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
    2013-10-05 20:25 . 2013-11-15 18:59 1474048 ----a-w- c:\windows\system32\crypt32.dll
    2013-10-05 19:57 . 2013-11-15 18:59 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-10-04 02:28 . 2013-11-15 18:59 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2013-10-04 02:25 . 2013-11-15 18:59 197120 ----a-w- c:\windows\system32\credui.dll
    2013-10-04 02:24 . 2013-11-15 18:59 1930752 ----a-w- c:\windows\system32\authui.dll
    2013-10-04 01:58 . 2013-11-15 18:59 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56 . 2013-11-15 18:59 168960 ----a-w- c:\windows\SysWow64\credui.dll
    2013-10-04 01:56 . 2013-11-15 18:59 1796096 ----a-w- c:\windows\SysWow64\authui.dll
    2013-10-03 02:23 . 2013-11-15 18:59 404480 ----a-w- c:\windows\system32\gdi32.dll
    2013-10-03 02:00 . 2013-11-15 18:59 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2013-09-30 13:25 . 2013-09-30 13:25 928399 ----a-w- c:\windows\unins000.exe
    2013-09-28 01:09 . 2013-11-15 18:59 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-25 02:26 . 2013-11-15 18:59 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-09-25 02:26 . 2013-11-15 18:59 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-09-25 02:23 . 2013-11-15 18:59 135680 ----a-w- c:\windows\system32\sspicli.dll
    2013-09-25 02:23 . 2013-11-15 18:59 28672 ----a-w- c:\windows\system32\sspisrv.dll
    2013-09-25 02:23 . 2013-11-15 18:59 28160 ----a-w- c:\windows\system32\secur32.dll
    2013-09-25 02:22 . 2013-11-15 18:59 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-09-25 02:21 . 2013-11-15 18:59 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-09-25 02:21 . 2013-11-15 18:59 1447936 ----a-w- c:\windows\system32\lsasrv.dll
    2013-09-25 01:58 . 2013-11-15 18:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-09-25 01:57 . 2013-11-15 18:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-09-25 01:57 . 2013-11-15 18:59 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-09-25 01:56 . 2013-11-15 18:59 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-09-25 01:03 . 2013-11-15 18:59 30720 ----a-w- c:\windows\system32\lsass.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-08-14 15:27 222832 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-08-14 15:27 222832 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-08-14 15:27 222832 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-15 6604568]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904]
    "SkyDrive"="c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-09-03 41336]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-09-03 840568]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    NWepo.lnk - c:\program files (x86)\Network Associates\NWePO.exe [2012-1-16 40960]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableVirtualization"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys;c:\windows\SYSNATIVE\DRIVERS\firehk.sys [x]
    R3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys;c:\windows\SYSNATIVE\DRIVERS\firehk.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 tbwkern;Kensington TrackballWorks driver;c:\windows\system32\DRIVERS\tbwkern.sys;c:\windows\SYSNATIVE\DRIVERS\tbwkern.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S1 NEOFLTR_720_21697;Juniper Networks TDI Filter Driver (NEOFLTR_720_21697);c:\windows\system32\Drivers\NEOFLTR_720_21697.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_720_21697.SYS [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
    S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:10]
    .
    2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 17:21]
    .
    2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 17:21]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-08-14 15:27 261744 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-08-14 15:27 261744 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-08-14 15:27 261744 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
    "ScrewDrivers RDP Plugin"="c:\program files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe" [2013-01-09 137584]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    Trusted Zone: agencyanywhere.agency.ni.nwie.net
    Trusted Zone: agents.nationwide.com
    Trusted Zone: appliedonline.net
    Trusted Zone: google.com\accounts
    Trusted Zone: google.com\b.mail
    Trusted Zone: google.com\mail
    Trusted Zone: google.com\www
    Trusted Zone: nationwide.com
    Trusted Zone: nationwide.com\agents
    Trusted Zone: onestop.nationwide.com
    Trusted Zone: skilldialogue.com
    Trusted Zone: skillport.com
    Trusted Zone: state.oh.us\ext.dps
    TCP: DhcpNameServer = 24.95.80.45 24.95.80.45
    TCP: Interfaces\{27B4EE3E-E617-464A-92C3-65719D5FD24E}: NameServer = 209.18.47.61,209.18.47.62
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://esource.ohiohealth.com/,DSID=d09236a94813a4387411efcc1861fcf3,DanaInfo=DOMINOM41.ds.ohnet,ST=1+/dwa85W.cab
    DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-Kensington TrackballWorks - c:\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-Kensington TrackballWorks Helper - c:\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe
    c:\users\GESWEIN03\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VoiceZoneConnect.lnk - c:\program files (x86)\VoiceZoneConnect\VoiceZoneConnect.exe
    HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
    HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
    HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
    c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
    .
    **************************************************************************
    .
    Completion time: 2013-12-19 13:06:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-12-19 18:06
    ComboFix2.txt 2012-07-30 17:32
    .
    Pre-Run: 1,921,715,642,368 bytes free
    Post-Run: 1,923,416,121,344 bytes free
    .
    - - End Of File - - FF4DE2CE809ED7989E8EB029A76FF91E
    A36C5E4F47E84449FF07ED3517B43A31

    Edited by par195, 19 December 2013 - 01:16 PM.


    #8 RPMcMurphy


      Bleeping *^#@%~


    • Malware Response Team
    • 3,970 posts
    • Gender:Male

    Posted 19 December 2013 - 05:05 PM

    Don't worry about that McAfee message. Please do this next:

    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above File::

    Suspect::[131]
    C:\Qoobox\Quarantine\c\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe
    Save this as CFScript to your desktop.

    Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScriptB-4.gif

    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

    Please download AdwCleaner by Xplode and save it to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users: right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin... be patient, as the scan may take some time to complete.
    • After the scan has finished, click on the Report button... a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

    You have Malwarebytes' Anti-Malware (MBAM) installed. Please update it and run a scan.

    Open MBAM
    • Click the Update tab
    • Click Check for Updates
    • If an update is found, it will download and install the latest version.
    • The program will close to update and reopen.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
    • Make sure that everything else is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    Please include the following in your next post:
    • ComboFix log
    • adwCleaner log
    • MBAM log

    Edited by RPMcMurphy, 19 December 2013 - 05:15 PM.

    Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may donate.


    #9 par195

    • Topic Starter

    • Members
    • 22 posts
    • Gender:Male

    Posted 20 December 2013 - 10:54 AM

    ComboFix 13-12-18.01 - GESWEIN03 12/20/13   9:55.3.4 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8136.6459 [GMT -5:00]
    Running from: c:\users\GESWEIN03\Desktop\ComboFix.exe
    Command switches used :: c:\users\GESWEIN03\Desktop\CFScript.txt
    FW: McAfee Host Intrusion Prevention Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\_ctypes.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\_elementtree.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\_hashlib.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\_multiprocessing.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\_socket.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\_ssl.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\pyexpat.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\pysqlite2._sqlite.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\python27.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\pythoncom27.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\PyWinTypes27.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\select.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\unicodedata.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32api.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32com.shell.shell.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32crypt.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32event.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32file.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32inet.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32pdh.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32pipe.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32process.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32profile.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32security.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\win32ts.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\windows._lib_cacheinvalidation.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wx._controls_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wx._core_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wx._gdi_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wx._html2.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wx._misc_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wx._windows_.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wx._wizard.pyd
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wxbase294u_net_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wxbase294u_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wxmsw294u_adv_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wxmsw294u_core_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wxmsw294u_html_vc90.dll
    c:\users\GESWEI~1\AppData\Local\Temp\_MEI30122\wxmsw294u_webview_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\_ctypes.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\_elementtree.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\_hashlib.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\_multiprocessing.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\_socket.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\_ssl.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\pyexpat.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\pysqlite2._sqlite.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\python27.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\pythoncom27.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\PyWinTypes27.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\select.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\unicodedata.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32api.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32com.shell.shell.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32crypt.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32event.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32file.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32inet.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32pdh.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32pipe.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32process.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32profile.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32security.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\win32ts.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\windows._lib_cacheinvalidation.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wx._controls_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wx._core_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wx._gdi_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wx._html2.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wx._misc_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wx._windows_.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wx._wizard.pyd
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wxbase294u_net_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wxbase294u_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wxmsw294u_adv_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wxmsw294u_core_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wxmsw294u_html_vc90.dll
    c:\users\GESWEIN03\AppData\Local\Temp\_MEI30122\wxmsw294u_webview_vc90.dll
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-11-20 to 2013-12-20  )))))))))))))))))))))))))))))))
    .
    .
    2013-12-20 14:59 . 2013-12-20 14:59 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-12-20 14:59 . 2013-12-20 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-20 14:37 . 2010-06-15 16:49 38968 ----a-w- c:\windows\system32\drivers\firelm01.sys
    2013-12-20 14:37 . 2010-06-15 16:49 254520 ----a-w- c:\windows\system32\drivers\FireTDI.sys
    2013-12-20 14:37 . 2010-06-15 16:49 186784 ----a-w- c:\windows\system32\drivers\FirePM.sys
    2013-12-19 18:34 . 2013-12-19 18:34 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-12-19 18:34 . 2013-12-19 18:34 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-12-19 18:33 . 2013-12-19 21:59 -------- d-----w- c:\users\GESWEIN03\AppData\Roaming\ICAClient
    2013-12-19 18:33 . 2013-12-19 18:33 -------- d-----w- c:\programdata\Citrix
    2013-12-19 18:33 . 2013-12-19 18:33 -------- d-----w- c:\program files (x86)\Common Files\Citrix
    2013-12-19 18:25 . 2013-12-19 18:25 -------- d-----w- c:\program files (x86)\McAfee, Inc
    2013-12-18 14:16 . 2013-12-19 14:17 -------- d-----w- C:\FRST
    2013-12-16 20:01 . 2013-12-16 20:34 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-12-16 20:00 . 2013-12-16 20:00 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-12-12 08:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2013-12-12 08:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2013-12-12 08:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2013-12-12 08:04 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2013-12-12 08:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
    2013-12-11 11:37 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
    2013-12-11 11:37 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
    2013-12-11 11:37 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
    2013-12-10 18:48 . 2013-12-10 18:48 209192 ----a-w- c:\windows\SysWow64\atsckernel.exe
    2013-12-10 18:48 . 2013-12-10 18:48 117544 ----a-w- c:\windows\SysWow64\atashost.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-20 14:35 . 2012-10-25 13:20 99056 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
    2013-12-20 14:35 . 2012-10-25 13:21 74848 ----a-w- c:\windows\SysWow64\MfeOtlkAddin.dll
    2013-12-20 14:35 . 2010-03-26 01:07 22816 ----a-w- c:\windows\SysWow64\MFEOtlk.dll
    2013-12-20 08:00 . 2012-01-18 22:12 90708896 ----a-w- c:\windows\system32\MRT.exe
    2013-12-19 18:34 . 2012-07-31 13:40 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-12-19 18:34 . 2012-01-24 16:56 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-12-16 14:38 . 2012-09-20 16:43 104280 ----a-w- c:\users\GESWEIN03\GoToAssistDownloadHelper.exe
    2013-12-10 23:10 . 2012-04-11 14:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-10 23:10 . 2012-01-18 15:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-12 02:30 . 2013-11-15 18:59 830464 ----a-w- c:\windows\system32\nshwfp.dll
    2013-10-12 02:29 . 2013-11-15 18:59 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:29 . 2013-11-15 18:59 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-12 02:03 . 2013-11-15 18:59 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
    2013-10-12 02:01 . 2013-11-15 18:59 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
    2013-10-05 20:25 . 2013-11-15 18:59 1474048 ----a-w- c:\windows\system32\crypt32.dll
    2013-10-05 19:57 . 2013-11-15 18:59 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-10-04 02:28 . 2013-11-15 18:59 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2013-10-04 02:25 . 2013-11-15 18:59 197120 ----a-w- c:\windows\system32\credui.dll
    2013-10-04 02:24 . 2013-11-15 18:59 1930752 ----a-w- c:\windows\system32\authui.dll
    2013-10-04 01:58 . 2013-11-15 18:59 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56 . 2013-11-15 18:59 168960 ----a-w- c:\windows\SysWow64\credui.dll
    2013-10-04 01:56 . 2013-11-15 18:59 1796096 ----a-w- c:\windows\SysWow64\authui.dll
    2013-10-03 02:23 . 2013-11-15 18:59 404480 ----a-w- c:\windows\system32\gdi32.dll
    2013-10-03 02:00 . 2013-11-15 18:59 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2013-09-30 13:25 . 2013-09-30 13:25 928399 ----a-w- c:\windows\unins000.exe
    2013-09-28 01:09 . 2013-11-15 18:59 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-25 02:26 . 2013-11-15 18:59 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-09-25 02:26 . 2013-11-15 18:59 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-09-25 02:23 . 2013-11-15 18:59 135680 ----a-w- c:\windows\system32\sspicli.dll
    2013-09-25 02:23 . 2013-11-15 18:59 28672 ----a-w- c:\windows\system32\sspisrv.dll
    2013-09-25 02:23 . 2013-11-15 18:59 28160 ----a-w- c:\windows\system32\secur32.dll
    2013-09-25 02:22 . 2013-11-15 18:59 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-09-25 02:21 . 2013-11-15 18:59 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-09-25 02:21 . 2013-11-15 18:59 1447936 ----a-w- c:\windows\system32\lsasrv.dll
    2013-09-25 01:58 . 2013-11-15 18:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-09-25 01:57 . 2013-11-15 18:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-09-25 01:57 . 2013-11-15 18:59 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-09-25 01:56 . 2013-11-15 18:59 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-09-25 01:03 . 2013-11-15 18:59 30720 ----a-w- c:\windows\system32\lsass.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-08-14 15:27 222832 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-08-14 15:27 222832 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-08-14 15:27 222832 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-20 6563096]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904]
    "SkyDrive"="c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-09-03 41336]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-09-03 840568]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    NWepo.lnk - c:\program files (x86)\Network Associates\NWePO.exe [2012-1-16 40960]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableVirtualization"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FIREWALLDISABLENOTIFY"=dword:00000001
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys;c:\windows\SYSNATIVE\DRIVERS\firehk.sys [x]
    R3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys;c:\windows\SYSNATIVE\DRIVERS\firehk.sys [x]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 tbwkern;Kensington TrackballWorks driver;c:\windows\system32\DRIVERS\tbwkern.sys;c:\windows\SYSNATIVE\DRIVERS\tbwkern.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S1 NEOFLTR_720_21697;Juniper Networks TDI Filter Driver (NEOFLTR_720_21697);c:\windows\system32\Drivers\NEOFLTR_720_21697.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_720_21697.SYS [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
    S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - FIREPM
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:10]
    .
    2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 17:21]
    .
    2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 17:21]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-08-14 15:27 261744 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-08-14 15:27 261744 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-08-14 15:27 261744 ----a-w- c:\users\GESWEIN03\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
    "IgfxTray"="DOWS\SYSTEM32\IGFXTRAY.EXE" [BU]
    "HotKeysCmds"="DOWS\SYSTEM32\HKCMD.EXE" [BU]
    "Persistence"="DOWS\SYSTEM32\IGFXPERS.EXE" [BU]
    "ScrewDrivers RDP Plugin"="c:\program files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe" [2013-01-09 137584]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    Trusted Zone: agencyanywhere.agency.ni.nwie.net
    Trusted Zone: agents.nationwide.com
    Trusted Zone: appliedonline.net
    Trusted Zone: google.com\accounts
    Trusted Zone: google.com\b.mail
    Trusted Zone: google.com\mail
    Trusted Zone: google.com\www
    Trusted Zone: nationwide.com
    Trusted Zone: nationwide.com\agents
    Trusted Zone: onestop.nationwide.com
    Trusted Zone: skilldialogue.com
    Trusted Zone: skillport.com
    Trusted Zone: state.oh.us\ext.dps
    TCP: DhcpNameServer = 24.95.80.45 24.95.80.45
    TCP: Interfaces\{27B4EE3E-E617-464A-92C3-65719D5FD24E}: NameServer = 209.18.47.61,209.18.47.62
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://esource.ohiohealth.com/,DSID=d09236a94813a4387411efcc1861fcf3,DanaInfo=DOMINOM41.ds.ohnet,ST=1+/dwa85W.cab
    DPF: {9916D178-71C8-4764-969C-95B9B67A1F76} - hxxps://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
    c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
    c:\program files (x86)\Citrix\Receiver\Receiver.exe
    c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2013-12-20  10:09:26 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-12-20 15:09
    ComboFix2.txt  2013-12-19 18:06
    ComboFix3.txt  2012-07-30 17:32
    .
    Pre-Run: 1,923,165,392,896 bytes free
    Post-Run: 1,923,149,160,448 bytes free
    .
    - - End Of File - - 2865ABD7D9ADD34040C7488898ACBE01
    A36C5E4F47E84449FF07ED3517B43A31
    # AdwCleaner v3.015 - Report created 20/12/2013 at 10:12:33
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : GESWEIN03 - GESWEIN09
    # Running from : C:\Users\GESWEIN03\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
    File Found : C:\Windows\System32\dmwu.exe
    File Found : C:\Windows\System32\ImhxxpComm.dll

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Found : [x64] HKLM\SOFTWARE\IB Updater
    Key Found : [x64] HKLM\SOFTWARE\wnlt
    Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526

    *************************

    AdwCleaner[R0].txt - [1322 octets] - [20/12/2013 10:12:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1382 octets] ##########


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.20.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    GESWEIN03 :: GESWEIN09 [administrator]

    12/20/13 10:16:57 AM
    mbam-log-2013-12-20 (10-16-57).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 343242
    Time elapsed: 35 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    #10 RPMcMurphy

    • Malware Response Team

    Posted 20 December 2013 - 11:49 PM

    Please do this next:

    Please visit this site

    • In the Link to topic where this file was requested: field, enter the following:

      http://www.bleepingcomputer.com/forums/t/517681/infected-with-zeroaccess-need-elevated-help
    • In the Browse to the file you want to submit: field, click on browse and navigate to the following file:

      C:\Qoobox\Quarantine\c\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe.vir
    • In the comments field enter the following:

      Failed submission
    • Press the send file button.

    Double click on AdwCleaner.exe to run the tool again.


    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
      <-If you see anything in the list you wish to keep, uncheck it, otherwise please check everything else in the list->
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Please include the following in your next post:

    • adwCleaner log



    Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may (donate button)


    #11 par195

    • Topic Starter

    Posted 23 December 2013 - 09:23 AM

    # AdwCleaner v3.016 - Report created 23/12/2013 at 09:13:48
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : GESWEIN03 - GESWEIN09
    # Running from : C:\Users\GESWEIN03\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    File Deleted : C:\Windows\System32\dmwu.exe
    File Deleted : C:\Windows\System32\ImhxxpComm.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
    Key Deleted : [x64] HKLM\SOFTWARE\wnlt

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526

    *************************

    AdwCleaner[R0].txt - [1474 octets] - [20/12/2013 10:12:33]
    AdwCleaner[R1].txt - [1534 octets] - [23/12/2013 09:11:41]
    AdwCleaner[S0].txt - [1469 octets] - [23/12/2013 09:13:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1529 octets] ##########



    #12 RPMcMurphy

    • Malware Response Team

    Posted 23 December 2013 - 04:43 PM

    How is your computer running now?  Please do this next:

    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above DEQUARANTINE::

    DEQUARANTINE::
    C:\Qoobox\Quarantine\c\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe.vir
    Quit::
    Save this as CFScript to your desktop.

    Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

    (screenshot: CFScriptB-4.gif)

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Dequarantine.txt in your next reply.

    Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut and select Run as Administrator.
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

    Please include the following in your next post:
    • How is the computer running now?
    • Dequarantine.txt log
    • ESET log



    #13 par195

    • Topic Starter

    Posted 27 December 2013 - 04:50 PM

    Computer seems to be running fine.


    C:\Qoobox\Quarantine\c\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe.vir -> C:\program files (x86)\Kensington\TrackballWorks\TbwHelper.exe


    ESET found no Threats, therefore no log.



    #14 RPMcMurphy

    • Malware Response Team

    Posted 27 December 2013 - 05:29 PM

    Your logs are looking good.  All I have left for you is some important housekeeping:

    Uninstall ComboFix

    • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
      Combofix /Uninstall

    (screenshot: Combofix_uninstall_image.jpg)

    Delete the following tools along with any other logs you saved from our work:
    • DDS
    • FRST (You may also delete the c:\FRST folder)
    • TDSSKiller

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean

    Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
    • Restart any anti-malware programs that we disabled while we were cleaning your machine.
    • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
    • Please read this post for some helpful information.

    Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!




    #15 par195

    • Topic Starter

    Posted 02 January 2014 - 12:37 PM

    I uninstalled ComboFix and deleted all the other items.


    I updated my Malwarebytes and ran a quick scan. It found something...arghhh!

    I hope MBAM took care of it.


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.02.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    GESWEIN03 :: GESWEIN09 [administrator]

    01/02/14 12:27:49 PM
    mbam-log-2014-01-02 (12-27-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217277
    Time elapsed: 5 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)





