Recurring Adware.Agent infection


This topic is locked
36 replies to this topic

#1 niav

Posted 29 December 2013 - 12:19 AM

Hello, my brother asked me to check out his laptop. It is running Windows 7 Home Premium. I scanned with Malwarebytes Anti-Malware. The log from the scan is:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Paul :: PAUL-LAPTOP [administrator]

28/12/2013 22:19:55
mbam-log-2013-12-28 (22-19-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244306
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Detected: 1
C:\Users\Paul\AppData\Local\Temp\a2gzarsu.jq3\mcyrsjdi.exe (Adware.Agent) -> 2016 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CrossriderApp0035510.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110311551110} (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440344554410} (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550355555510} (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0035510.BHO.1 (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110} (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551110} (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311551110} (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0035510.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0035510.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\iWebar (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Program Files (x86)\iWebar (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\CT3289075 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\CT3289075\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 151
C:\Users\Paul\AppData\Local\Temp\a2gzarsu.jq3\mcyrsjdi.exe (Adware.Agent) -> Delete on reboot.
C:\Program Files (x86)\iWebar\iWebar-bho.dll (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-bho64.dll (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Windows\System32\rp.dll (Adware.Downloader) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_106596_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_113739_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_136463_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_144428_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_164040_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_16624_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_181425_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_185781_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_202638_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_206495_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_225256_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_263830_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_275487_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_284034_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_288465_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_324600_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_40773_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_420352_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_42206_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_437880_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_445694_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_456020_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_459999_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_463007_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_478984_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_484864_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_494414_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_497565_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_49962_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_504381_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_509088_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_534179_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_535943_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_539732_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_543615_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_549009_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_55651_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_56188_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_608961_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_617398_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_617675_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_62822_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_634894_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_680154_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_694623_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_725821_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_777568_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_809303_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_825305_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_829086_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_865928_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_874476_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_885970_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_905121_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_928246_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_954735_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_972899_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_980478_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_988391_setup.exe (Adware.GoOffer) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\crt8892.tmp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\0jxruo3g.ozp\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\0l0bnxuv.h1u\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\0subeztl.12y\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\0wbceqp2.cxw\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\1kkkm1yv.qn2\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\1mwlpoiz.zop\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\20hwnlvu.n1c\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\3dbxgkhe.1yo\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\5aqrgva3.wpc\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\bssybtn1.1cr\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\d3ew3mbe.bke\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\djlzeidu.qiu\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\dupbegqh.yct\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\dxjtit3e.zbj\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\dyd1qbfc.h3f\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\eqht5aog.5ig\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\g5l4fjhu.i4q\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\gl5gru4q.fz1\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\gw1ij14q.zyn\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\h3ojpxc0.vzp\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\hkbv2kms.f2g\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\idrrgpt1.2vn\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\ina5grqt.mgw\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\kzxofybm.gas\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\lcvgdhgk.n4t\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\ljbcq30q.mus\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\lzxm1pgg.1bw\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\mdctzhdy.u4c\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\mzh5vofs.h1w\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\nowtsrfs.zz5\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\oncfupvn.3xb\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\ouyupmco.owa\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\p51gojbo.ag3\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\pw4hek1c.33y\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\pwje405g.rrk\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\rkdnlf3r.jwj\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\rnbcqght.yal\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\rp0voiq1.nqz\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\sl04kzyy.qdb\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\soyct2lm.0bk\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\spp2exlb.nif\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\Stub\1367518111\cr.exe (PUP.Optional.AdLyrics) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\tcqaxdj5.mpp\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\tgflsqsp.0pm\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\tk10dv2v.2xc\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\u0v5wehb.lzf\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\ugopkii3.aqv\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\uqku5rzp.fxz\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\vaz1v2nd.poy\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\vzbukepj.0cw\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\wlwhddiz.jfu\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\wwmvzo1v.jp1\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\wyhaqxc3.auh\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\xxorddhc.zf0\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\xyxlyttd.qh1\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\ycjivrvl.f0m\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\zarjuivx.mhn\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\zlvqhpoq.x4p\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\zo1dppvl.l2t\mcyrsjdi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\Were.the.Millers.2013.EXTENDED.BDRip.X264 SPARKS.mkv.flv__3038_i147244480_il2446169.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\background.html (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\35510.crx (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\35510.xpi (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\Installer.log (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-bg.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-buttonutil.dll (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-buttonutil.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-buttonutil64.dll (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-buttonutil64.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-enabler.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-helper.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar-updater.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\iWebar.ico (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\Uninstall.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\iWebar\utils.exe (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\iWebar-chromeinstaller.job (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\iWebar-codedownloader.job (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\iWebar-enabler.job (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\iWebar-firefoxinstaller.job (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\iWebar-updater.job (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\CT3289075\CT3289075.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\CT3289075\initdata.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\CT3289075\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\CT3289075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

I then scanned with the ESET Online Scanner. It found:


C:\Windows\SysWOW64\rp.dll    Win32/AdWare.HotBar.V application    
C:\Users\Paul\AppData\Local\Temp\gzu52xu2.tcy\mcyrsjdi.exe    a variant of MSIL/Adware.GOffer.A application    cleaned by deleting - quarantined
C:\Users\Paul\Downloads\Prisoners [2013] HDRip XviD\codec-setup.exe    NSIS/TrojanDownloader.Adload.I trojan    cleaned by deleting - quarantined
C:\Users\Paul\Downloads\Prisoners [2013] HDRip XviD\webXvid-setup.exe    NSIS/TrojanDownloader.Adload.I trojan    deleted - quarantined
C:\Windows\System32\rp.dll    Win32/AdWare.HotBar.V application    cleaned by deleting - quarantined

Then I used the Malwarebytes Anti-Rootkit tool. It found:


Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Paul :: PAUL-LAPTOP [administrator]

29/12/2013 02:18:54
mbar-log-2013-12-29 (02-18-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 263950
Time elapsed: 20 minute(s), 45 second(s)

Memory Processes Detected: 1
C:\Users\Paul\AppData\Local\Temp\is22iudg.3p3\mcyrsjdi.exe (Adware.Agent) -> 4292 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Paul\AppData\Local\Temp\is22iudg.3p3\mcyrsjdi.exe (Adware.Agent) -> Delete on reboot.
C:\Windows\SysWOW64\rp.dll (Adware.Downloader) -> Delete on reboot.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_886306_setup.exe (Adware.GoOffer) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

On reboot I scanned again with the Anti-Rootkit tool and the infected files were recreated in AppData.


Here is the DDS output:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Paul at 5:14:23 on 2013-12-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.353.1033.18.4010.2103 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\YTDownloader\YTDownloader.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Paul\AppData\Local\Temp\g2xdpgi4.2g4\mcyrsjdi.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Rootkit (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes' Anti-Malware (portable)\cleanup.dll",ProcessCleanupScript "C:\ProgramData\Malwarebytes' Anti-Malware (portable)"
mRunOnce: [ (A0)] cmd /c "C:\Users\Paul\Desktop\mbar\mbar.exe" /rdv /s
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
TCP: NameServer = 8.8.8.8 156.154.70.1 208.67.220.220
TCP: Interfaces\{04FEB1A8-E0F0-40A8-A91D-FF45BD8CD02C} : DHCPNameServer = 172.30.224.65
TCP: Interfaces\{3150F40B-C02B-411E-922F-BD968180A763} : DHCPNameServer = 8.8.8.8 156.154.70.1 208.67.220.220
TCP: Interfaces\{BC799F82-FA06-4220-BEE6-6DC00EA27355} : DHCPNameServer = 8.8.8.8 62.40.32.33
TCP: Interfaces\{F648791C-E755-4121-BCF7-87B2FB4BE7DD} : DHCPNameServer = 8.8.8.8 156.154.70.1 208.67.220.220
TCP: Interfaces\{F648791C-E755-4121-BCF7-87B2FB4BE7DD}\16F6966656723702960586F6E656 : DHCPNameServer = 8.8.8.8 62.40.32.33
TCP: Interfaces\{F648791C-E755-4121-BCF7-87B2FB4BE7DD}\65F6461666F6E656F524246364 : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: iWebar: {11111111-1111-1111-1111-110311551110} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\42ixuimo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-11-25 25960]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-11-25 13824]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R2 sbmntr;sbmntr;C:\PROGRA~2\YTDOWN~1\sbmntr.sys [2013-11-25 58728]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-7-25 681056]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-25 2656536]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-11-26 138024]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-26 317440]
R3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-12-29 89304]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-11-25 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
S3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-7-25 289704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 PSI;PSI;C:\windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-7-22 19456]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-11-26 166704]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-7-25 1326176]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-7-22 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-7-22 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-31 1255736]
.
=============== Created Last 30 ================
.
2013-12-29 05:04:16    79064    ----a-w-    C:\windows\System32\drivers\imofugc.sys
2013-12-29 04:46:53    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-29 04:46:51    117464    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2013-12-29 01:38:28    89304    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2013-12-28 22:16:27    --------    d-----w-    C:\Users\Paul\AppData\Roaming\MPC-HC
2013-12-28 21:57:05    --------    d-----w-    C:\windows\Migration
2013-12-28 21:51:28    99840    ----a-w-    C:\windows\System32\drivers\usbccgp.sys
2013-12-28 21:51:28    7808    ----a-w-    C:\windows\System32\drivers\usbd.sys
2013-12-28 21:51:28    52736    ----a-w-    C:\windows\System32\drivers\usbehci.sys
2013-12-28 21:51:28    343040    ----a-w-    C:\windows\System32\drivers\usbhub.sys
2013-12-28 21:51:28    325120    ----a-w-    C:\windows\System32\drivers\usbport.sys
2013-12-28 21:51:28    30720    ----a-w-    C:\windows\System32\drivers\usbuhci.sys
2013-12-28 21:51:28    25600    ----a-w-    C:\windows\System32\drivers\usbohci.sys
2013-12-28 21:49:09    --------    d-----w-    C:\Program Files\MPC-HC
2013-12-28 21:43:46    --------    d-----w-    C:\Program Files\iPod
2013-12-28 21:43:45    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-28 21:43:45    --------    d-----w-    C:\Program Files\iTunes
2013-12-28 21:43:45    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-12-28 21:18:12    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57243449-FB44-46D6-95B3-7A235FF22386}\mpengine.dll
2013-12-23 18:41:28    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-12 18:30:41    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 18:30:41    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 18:30:40    12625920    ----a-w-    C:\windows\System32\wmploc.DLL
2013-12-12 18:30:39    12625408    ----a-w-    C:\windows\SysWow64\wmploc.DLL
2013-12-12 18:29:03    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2013-12-12 18:29:02    293072    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2013-12-12 18:29:02    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-12-12 18:29:02    235216    ----a-w-    C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-12-12 18:29:01    353280    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2013-12-12 18:29:01    270848    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-12-12 18:29:01    251392    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-12-12 18:29:00    482816    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2013-12-12 18:29:00    469504    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-12-12 18:29:00    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2013-12-11 19:14:11    335360    ----a-w-    C:\windows\System32\msieftp.dll
2013-12-11 19:14:11    301568    ----a-w-    C:\windows\SysWow64\msieftp.dll
2013-12-11 19:14:08    3155968    ----a-w-    C:\windows\System32\win32k.sys
2013-12-11 19:14:02    465920    ----a-w-    C:\windows\System32\WMPhoto.dll
2013-12-11 19:14:02    417792    ----a-w-    C:\windows\SysWow64\WMPhoto.dll
2013-12-11 19:13:55    81408    ----a-w-    C:\windows\System32\imagehlp.dll
2013-12-11 19:13:55    159232    ----a-w-    C:\windows\SysWow64\imagehlp.dll
2013-12-11 19:12:26    2048    ----a-w-    C:\windows\System32\tzres.dll
2013-12-11 19:12:25    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2013-12-11 19:12:15    230400    ----a-w-    C:\windows\System32\drivers\portcls.sys
2013-12-11 19:12:14    116736    ----a-w-    C:\windows\System32\drivers\drmk.sys
2013-12-11 19:12:12    202752    ----a-w-    C:\windows\System32\scrrun.dll
2013-12-11 19:12:12    156160    ----a-w-    C:\windows\System32\cscript.exe
2013-12-11 19:12:12    150016    ----a-w-    C:\windows\System32\wshom.ocx
2013-12-11 19:12:12    141824    ----a-w-    C:\windows\SysWow64\wscript.exe
2013-12-11 19:12:12    121856    ----a-w-    C:\windows\SysWow64\wshom.ocx
2013-12-11 19:12:11    168960    ----a-w-    C:\windows\System32\wscript.exe
2013-12-11 19:12:11    163840    ----a-w-    C:\windows\SysWow64\scrrun.dll
2013-12-11 19:12:11    126976    ----a-w-    C:\windows\SysWow64\cscript.exe
2013-12-06 18:11:16    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89A6541D-CFE0-4E36-8E9C-8975625E10BB}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-12-10 23:33:47    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:33:47    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 09:48:07    66048    ----a-w-    C:\windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:18:39    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-11-19 10:21:41    267936    ------w-    C:\windows\System32\MpSigStub.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 07:50:37    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35    1474048    ----a-w-    C:\windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
.
============= FINISH:  5:15:26.65 ===============

I would be very grateful for any assistance.




#2 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 January 2014 - 10:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
==============

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 niav
  • Topic Starter
  • Members
  • 33 posts

Posted 02 January 2014 - 12:34 PM

Thanks for the help nasdaq. Here are the logs you requested:

RogueKiller:

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Remove -- Date : 01/02/2014 16:45:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] mcyrsjdi.exe -- C:\Users\Paul\AppData\Local\Temp\1glj4wcs.wek\mcyrsjdi.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 3de4fa2baa490802165839dccee7ea29
[BSP] 3b160a79ba9ff0b6cfafb6ecf0e0173e : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 181248 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 371402752 | Size: 271568 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 927574016 | Size: 24023 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01022014_164554.txt >>
RKreport[0]_S_01022014_164338.txt;RKreport[0]_S_01022014_164547.txt


AdwCleaner (this log popped up when the scan finished):

# AdwCleaner v3.016 - Report created 02/01/2014 at 17:01:42
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paul - PAUL-LAPTOP
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Paul\AppData\Local\Conduit
Folder Deleted : C:\Users\Paul\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Paul\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\42ixuimo.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
File Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\42ixuimo.default\user.js
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552210}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552210}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\42ixuimo.default\prefs.js ]

Line Deleted : user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A183015%2C%22ver%22%3A2%2[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1433b183d2cb79db5770e0426c48e8cf");

-\\ Google Chrome v

[ File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4408 octets] - [02/01/2014 16:59:20]
AdwCleaner[S0].txt - [4302 octets] - [02/01/2014 17:01:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4362 octets] ##########

C:\AdwCleaner[S1].txt:

# AdwCleaner v2.105 - Logfile created 01/11/2013 at 01:55:50
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Paul - PAUL-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\42ixuimo.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [877 octets] - [11/01/2013 01:55:50]

########## EOF - C:\AdwCleaner[S1].txt - [936 octets] ##########

Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Paul on 02/01/2014 at 17:08:20.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311551110}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Paul\appdata\local\cre"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\42ixuimo.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com
Emptied folder: C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\42ixuimo.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/01/2014 at 17:14:21.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix:

ComboFix 14-01-01.01 - Paul 02/01/2014  17:16:38.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.353.1033.18.4010.2751 [GMT 0:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cigiagpbkapepgklncnajbakkpkopmam_0
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cigiagpbkapepgklncnajbakkpkopmam_0\9
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\background.html
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\crossriderManifest.json
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\manifest.xml
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins.json
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\1_base.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\17_jQuery.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\182_openUrl.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\183_tabsWrapper.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\21_debug.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\22_resources.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\28_initializer.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\47_resources_background.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\64_appApiMessage.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\72_appApiValidation.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\userCode\background.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\extensionData\userCode\extension.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\icons\actions\1.png
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\icons\icon128.png
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\icons\icon16.png
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\icons\icon48.png
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\api\chrome.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\api\cookie.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\api\message.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\api\pageAction.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\api\pageActionBG.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\background.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\app_api.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\bg_app_api.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\consts.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\cookie_store.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\crossriderAPI.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\delegate.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\events.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\extensionDataStore.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\installer.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\logFile.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\logging.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\onBGDocumentLoad.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\popupResource\newPopup.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\popupResource\popup.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\reports.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\storageWrapper.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\updateManager.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\util.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\lib\xhr.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\js\main.js
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\manifest.json
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\popup.html
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\1.26.194_0\version.json
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cigiagpbkapepgklncnajbakkpkopmam
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cigiagpbkapepgklncnajbakkpkopmam\000286.ldb
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cigiagpbkapepgklncnajbakkpkopmam\000288.ldb
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cigiagpbkapepgklncnajbakkpkopmam\000298.log
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cigiagpbkapepgklncnajbakkpkopmam\CURRENT
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cigiagpbkapepgklncnajbakkpkopmam\LOCK
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cigiagpbkapepgklncnajbakkpkopmam\LOG
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cigiagpbkapepgklncnajbakkpkopmam\LOG.old
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cigiagpbkapepgklncnajbakkpkopmam\MANIFEST-000296
c:\users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cigiagpbkapepgklncnajbakkpkopmam_0.localstorage
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-02 to 2014-01-02  )))))))))))))))))))))))))))))))
.
.
2014-01-02 17:08 . 2014-01-02 17:08    --------    d-----w-    c:\windows\ERUNT
2014-01-02 16:59 . 2014-01-02 17:02    --------    d-----w-    C:\AdwCleaner
2014-01-02 16:43 . 2014-01-02 16:44    49216    ----a-w-    c:\windows\system32\drivers\mouclass.sys.bak
2014-01-02 16:42 . 2014-01-02 16:44    82944    ----a-w-    c:\windows\system32\drivers\ipfltdrv.sys.bak
2014-01-02 16:39 . 2014-01-02 17:08    78336    ----a-w-    c:\windows\SysWow64\rp.dll
2013-12-29 05:23 . 2013-12-29 05:23    --------    d-----w-    c:\users\Paul\AppData\Roaming\TeamViewer
2013-12-29 01:38 . 2013-12-29 04:46    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-28 22:16 . 2013-12-28 22:16    --------    d-----w-    c:\users\Paul\AppData\Roaming\MPC-HC
2013-12-28 22:08 . 2013-12-28 22:08    --------    d-----w-    c:\program files (x86)\Google
2013-12-28 21:57 . 2013-12-28 21:57    --------    d-----w-    c:\windows\Migration
2013-12-28 21:51 . 2013-09-04 12:12    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-12-28 21:51 . 2013-09-04 12:11    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-12-28 21:51 . 2013-09-04 12:11    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-12-28 21:51 . 2013-09-04 12:11    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-12-28 21:51 . 2013-09-04 12:11    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-12-28 21:51 . 2013-09-04 12:11    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-12-28 21:51 . 2013-09-04 12:11    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-12-28 21:49 . 2013-12-28 21:49    --------    d-----w-    c:\program files\MPC-HC
2013-12-28 21:43 . 2013-12-28 21:43    --------    d-----w-    c:\program files\iPod
2013-12-28 21:43 . 2013-12-28 21:44    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-28 21:43 . 2013-12-28 21:44    --------    d-----w-    c:\program files\iTunes
2013-12-28 21:43 . 2013-12-28 21:44    --------    d-----w-    c:\program files (x86)\iTunes
2013-12-28 21:18 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-12 18:30 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 18:30 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 18:30 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-12 18:30 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-12 18:30 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-12 18:29 . 2013-11-26 10:19    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-12-12 18:29 . 2013-11-27 00:52    293072    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-12-12 18:29 . 2013-11-27 00:20    235216    ----a-w-    c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-12-12 18:29 . 2013-11-26 09:23    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-12-12 18:29 . 2013-11-26 06:48    353280    ----a-w-    c:\program files\Internet Explorer\IEShims.dll
2013-12-12 18:29 . 2013-11-26 06:41    251392    ----a-w-    c:\program files (x86)\Internet Explorer\IEShims.dll
2013-12-12 18:29 . 2013-11-26 06:22    270848    ----a-w-    c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-12-12 18:29 . 2013-11-26 10:18    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-12-12 18:29 . 2013-11-26 08:34    482816    ----a-w-    c:\program files\Internet Explorer\ieinstal.exe
2013-12-12 18:29 . 2013-11-26 07:55    469504    ----a-w-    c:\program files (x86)\Internet Explorer\ieinstal.exe
2013-12-11 19:14 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 19:14 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-12-11 19:14 . 2013-10-30 01:24    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 19:14 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-12-11 19:14 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 19:13 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 19:13 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-12-11 19:12 . 2013-11-12 02:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 19:12 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-12-11 19:12 . 2013-10-04 01:36    230400    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 19:12 . 2013-10-04 02:16    116736    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 19:12 . 2013-10-12 02:32    150016    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 19:12 . 2013-10-12 02:31    202752    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 19:12 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\SysWow64\wshom.ocx
2013-12-11 19:12 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 19:12 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\SysWow64\wscript.exe
2013-12-11 19:12 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\SysWow64\scrrun.dll
2013-12-11 19:12 . 2013-10-12 01:33    168960    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 19:12 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\SysWow64\cscript.exe
2013-12-07 12:50 . 2013-10-14 18:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-12-06 18:11 . 2013-10-23 16:45    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89A6541D-CFE0-4E36-8E9C-8975625E10BB}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 23:10 . 2012-08-31 20:03    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-10 23:33 . 2012-08-31 19:50    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:33 . 2012-08-31 19:50    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-23 16:45 . 2012-10-14 16:35    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:30 . 2013-11-17 14:26    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-17 14:26    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-17 14:26    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-17 14:26    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-17 14:26    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 07:50 . 2013-11-20 18:31    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-17 14:26    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-17 14:26    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 23:32    220632    ----a-w-    c:\users\Paul\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 23:32    220632    ----a-w-    c:\users\Paul\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 23:32    220632    ----a-w-    c:\users\Paul\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-27 138096]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"YTDownloader"="c:\program files (x86)\YTDownloader\YTDownloader.exe" [2013-11-25 2050408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 sbmntr;sbmntr;c:\progra~2\YTDOWN~1\sbmntr.sys;c:\progra~2\YTDOWN~1\sbmntr.sys [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 23:33]
.
2013-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-887285577-1908728387-2409366433-1001Core.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-27 17:08]
.
2013-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-887285577-1908728387-2409366433-1001UA.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-27 17:08]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-887285577-1908728387-2409366433-1001Core.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 19:49]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-887285577-1908728387-2409366433-1001UA.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 19:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-05 23:32    244696    ----a-w-    c:\users\Paul\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-05 23:32    244696    ----a-w-    c:\users\Paul\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-05 23:32    244696    ----a-w-    c:\users\Paul\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    164016    ----a-w-    c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    164016    ----a-w-    c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    164016    ----a-w-    c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    164016    ----a-w-    c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ie/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 8.8.8.8 156.154.70.1 208.67.220.220
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\42ixuimo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{11111111-1111-1111-1111-110311551110} - c:\program files (x86)\iWebar\iWebar-bho64.dll
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Dropbox - c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-02  17:23:24
ComboFix-quarantined-files.txt  2014-01-02 17:23
.
Pre-Run: 132,840,419,328 bytes free
Post-Run: 132,294,320,128 bytes free
.
- - End Of File - - 3604BDBF71E35EA7299C3FEB856B3FD8


#4 niav


Posted 02 January 2014 - 12:49 PM

nasdaq, I just rebooted the machine and I got a popup to install RealPlayer. I checked Task Manager and it was a file from AppData again:

C:\Users\Paul\AppData\Local\Temp\afgytdrp_938842_setup.exe

I ended the process using Task Manager and the popup disappeared.



#5 nasdaq (Malware Response Team)

Posted 02 January 2014 - 01:10 PM

I suggest you run the RogueKiller tool and delete this.

[SUSP PATH] mcyrsjdi.exe -- C:\Users\Paul\AppData\Local\Temp\1glj4wcs.wek\mcyrsjdi.exe [-] -> KILLED [TermProc]

===

nasdaq, I just rebooted the machine and I got a popup to install RealPlayer. I checked Task Manager and it was a file from AppData again:


Delete the files in the \temp folder, not the folder itself.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_938842_setup.exe


Restart the computer normally.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#6 niav


Posted 02 January 2014 - 02:00 PM

I ran the RogueKiller tool. It killed the .exe. I pressed Delete in RogueKiller and let it finish. I then tried to manually delete the contents of the \Temp folder. Two items would not delete, giving a message that they were open in another program. One was a 0KB .txt file; the other was a folder named smfgporj.3o4 which contains the mcyrsjdi.exe file.

Here are the RogueKiller logs:

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Scan -- Date : 01/02/2014 18:18:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] mcyrsjdi.exe -- C:\Users\Paul\AppData\Local\Temp\hf2ftons.dna\mcyrsjdi.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 3de4fa2baa490802165839dccee7ea29
[BSP] 3b160a79ba9ff0b6cfafb6ecf0e0173e : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 181248 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 371402752 | Size: 271568 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 927574016 | Size: 24023 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01022014_181853.txt >>
RKreport[0]_D_01022014_164554.txt;RKreport[0]_S_01022014_164338.txt;RKreport[0]_S_01022014_164547.txt




RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Remove -- Date : 01/02/2014 18:19:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] mcyrsjdi.exe -- C:\Users\Paul\AppData\Local\Temp\hf2ftons.dna\mcyrsjdi.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 3de4fa2baa490802165839dccee7ea29
[BSP] 3b160a79ba9ff0b6cfafb6ecf0e0173e : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 181248 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 371402752 | Size: 271568 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 927574016 | Size: 24023 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01022014_181933.txt >>
RKreport[0]_D_01022014_164554.txt;RKreport[0]_S_01022014_164338.txt;RKreport[0]_S_01022014_164547.txt
RKreport[0]_S_01022014_181853.txt



checkup.txt

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.3001)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.170  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
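As an added example (not RogueKiller's code and not part of this thread), a small Python parser for the two RogueKiller reports above that compares the Scan run with the Remove run: it flags entries that errored, entries still present, and a process that was reported KILLED in both runs, which points to something restarting it between runs. The report excerpts are abridged from the logs posted above; the section and entry line shapes are assumed from those excerpts only.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Line shapes as they appear in the RogueKiller V8 reports pasted in this thread (assumed from them).
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*:\s*(?P<rest>.*?)\s*¤¤¤\s*$")
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<item>.*?)\s*->\s*(?P<result>.+?)\s*$")
MBR_RE = re.compile(r"^\[MBR\]\s*(?P<hash>[0-9a-fA-F]{32})\s*$")
MODE_RE = re.compile(r"^Mode\s*:\s*(?P<mode>\w+)\s*--")


class Finding(NamedTuple):
    section: str
    tags: str
    item: str
    result: str


class Report(NamedTuple):
    mode: str
    findings: Tuple[Finding, ...]
    mbr_hash: Optional[str]


def parse_report(text: str) -> Report:
    """Extract run mode, per-section findings and the MBR checksum from one report."""
    mode, mbr_hash, section = "", None, ""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MODE_RE.match(line):
            mode = m.group("mode")
        elif m := SECTION_RE.match(line):
            section = m.group("name")
        elif m := MBR_RE.match(line):
            mbr_hash = m.group("hash").lower()
        elif (m := ENTRY_RE.match(line)) and section:
            findings.append(Finding(section, m.group("tags"), m.group("item"), m.group("result")))
    return Report(mode, tuple(findings), mbr_hash)


def classify(scan_result: str, remove_result: Optional[str]) -> str:
    """Verdict for one finding given its result in the Scan run and in the Remove run."""
    if remove_result is None:
        return "not reported"      # absent from the Remove run
    r = remove_result.upper()
    if "[0X" in r:
        return "error"             # e.g. "[0x2] The system cannot find the file specified."
    if r.startswith("KILLED") and scan_result.upper().startswith("KILLED"):
        return "respawned"         # killed in the Scan run, yet running again in the Remove run
    if r.startswith(("DELETED", "KILLED")):
        return "remediated"
    if r.startswith("FOUND"):
        return "still present"
    return "unknown"


def compare_runs(scan: Report, remove: Report) -> Dict[str, str]:
    """Map each item found in the Scan run to its verdict after the Remove run."""
    after = {(f.section, f.item): f.result for f in remove.findings}
    return {f.item: classify(f.result, after.get((f.section, f.item))) for f in scan.findings}


def mbr_changed(scan: Report, remove: Report) -> bool:
    """True if the MBR checksum differs between the two runs."""
    return scan.mbr_hash != remove.mbr_hash


# Abridged copies of the two reports posted above (Scan run, then Remove run).
SCAN_REPORT = r"""
Mode : Scan -- Date : 01/02/2014 18:18:53
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] mcyrsjdi.exe -- C:\Users\Paul\AppData\Local\Temp\hf2ftons.dna\mcyrsjdi.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
¤¤¤ MBR Check: ¤¤¤
[MBR] 3de4fa2baa490802165839dccee7ea29
"""
REMOVE_REPORT = r"""
Mode : Remove -- Date : 01/02/2014 18:19:33
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] mcyrsjdi.exe -- C:\Users\Paul\AppData\Local\Temp\hf2ftons.dna\mcyrsjdi.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
¤¤¤ MBR Check: ¤¤¤
[MBR] 3de4fa2baa490802165839dccee7ea29
"""

if __name__ == "__main__":
    scan, remove = parse_report(SCAN_REPORT), parse_report(REMOVE_REPORT)
    for item, verdict in compare_runs(scan, remove).items():
        print(f"{verdict:13} {item}")
    print("MBR changed:", mbr_changed(scan, remove))
```

The "respawned" verdict on mcyrsjdi.exe is the same signal niav reports by hand: the process was terminated at 18:18:53 and was running again 40 seconds later.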
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:45 PM

Posted 02 January 2014 - 02:32 PM

C:\Users\Paul\AppData\Local\Temp\hf2ftons.dna\mcyrsjdi.exe

Boot to safe mode and delete the file in bold.

How to boot to Safe Mode, Vista - Windows 7
http://www.computerhope.com/issues/chsafe.htm#03

Restart the computer when the file is deleted.

How is the computer performing now?

#8 niav

niav
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 02 January 2014 - 04:27 PM

I deleted everything in the \Temp folder. Everything deleted bar the 0KB .txt file. On reboot in the \Temp folder there is a file called afgytdrp_380096_setup.exe which gets 27/47 positives on VirusTotal. There is also a folder called 441xaokl.ujk which contains the mcyrsjdi.exe file.
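As an added example, not from this thread or from any of the tools mentioned in it: a Python script that snapshots a Temp folder before and after a reboot and reports payloads that came back under a new random-named folder, which is the pattern niav describes (the same mcyrsjdi.exe under a2gzarsu.jq3, smfgporj.3o4, hf2ftons.dna and then 441xaokl.ujk). The 8.3 folder-name regex is assumed from those names, and the sample files in demo() are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Set

# The drop folders quoted in this thread share one shape: eight lower-case alphanumerics,
# a dot, three more (a2gzarsu.jq3, smfgporj.3o4, hf2ftons.dna, 441xaokl.ujk). Assumed pattern.
RANDOM_83_RE = re.compile(r"^[a-z0-9]{8}\.[a-z0-9]{3}$")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(temp_dir: Path) -> Dict[str, Set[str]]:
    """Map SHA-256 -> locations of .exe files directly in Temp or in random 8.3-named subfolders."""
    seen: Dict[str, Set[str]] = {}
    for exe in sorted(temp_dir.glob("*.exe")):
        seen.setdefault(sha256_of(exe), set()).add(exe.name)
    for sub in sorted(temp_dir.iterdir()):
        if not (sub.is_dir() and RANDOM_83_RE.match(sub.name)):
            continue                                   # ordinary folders are ignored
        for exe in sorted(sub.glob("*.exe")):
            seen.setdefault(sha256_of(exe), set()).add(f"{sub.name}/{exe.name}")
    return seen


def diff_snapshots(before: Dict[str, Set[str]], after: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Classify each payload hash across two runs (for example before and after a reboot)."""
    out: Dict[str, List[str]] = {"recurring": [], "unchanged": [], "new": [], "gone": []}
    for digest, locations in after.items():
        if digest not in before:
            out["new"].append(digest)
        elif locations - before[digest]:
            out["recurring"].append(digest)            # same bytes, re-dropped under a new folder name
        else:
            out["unchanged"].append(digest)
    out["gone"] = [d for d in before if d not in after]
    return out


def demo() -> Dict[str, List[str]]:
    """Constructed Temp tree imitating the thread: the payload is re-dropped under a new folder."""
    payload = b"MZ-constructed-sample-not-a-real-binary"
    with tempfile.TemporaryDirectory() as tmp:
        temp_dir = Path(tmp)
        (temp_dir / "hf2ftons.dna").mkdir()
        (temp_dir / "hf2ftons.dna" / "mcyrsjdi.exe").write_bytes(payload)
        (temp_dir / "Low").mkdir()                     # legitimate folder, does not match the pattern
        before = snapshot(temp_dir)
        # Simulated reboot: the old folder was cleaned, the payload reappears, plus a second new file.
        (temp_dir / "hf2ftons.dna" / "mcyrsjdi.exe").unlink()
        (temp_dir / "hf2ftons.dna").rmdir()
        (temp_dir / "441xaokl.ujk").mkdir()
        (temp_dir / "441xaokl.ujk" / "mcyrsjdi.exe").write_bytes(payload)
        (temp_dir / "afgytdrp_380096_setup.exe").write_bytes(b"constructed second sample")
        after = snapshot(temp_dir)
    return diff_snapshots(before, after)


if __name__ == "__main__":
    for verdict, digests in demo().items():
        print(verdict, digests)
```

On the real machine you would run snapshot() on %LOCALAPPDATA%\Temp, save the result, reboot, and diff; a "recurring" hash tells you the dropper is still active somewhere outside Temp.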



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:45 PM

Posted 03 January 2014 - 08:59 AM


You probably have a rootkit infection.

Run these tools.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#10 niav

niav
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:09:45 PM

Posted 03 January 2014 - 10:19 AM

When I opened the version of TDSSKiller you linked, it prompted me to update to version 3.0.0.19, so that is what I used for the scan. Here is the log:

 

 

14:10:54.0409 0x0b40  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
14:10:59.0120 0x0b40  ============================================================
14:10:59.0120 0x0b40  Current date / time: 2014/01/03 14:10:59.0120
14:10:59.0120 0x0b40  SystemInfo:
14:10:59.0120 0x0b40  
14:10:59.0120 0x0b40  OS Version: 6.1.7601 ServicePack: 1.0
14:10:59.0120 0x0b40  Product type: Workstation
14:10:59.0120 0x0b40  ComputerName: PAUL-LAPTOP
14:10:59.0120 0x0b40  UserName: Paul
14:10:59.0120 0x0b40  Windows directory: C:\windows
14:10:59.0120 0x0b40  System windows directory: C:\windows
14:10:59.0120 0x0b40  Running under WOW64
14:10:59.0120 0x0b40  Processor architecture: Intel x64
14:10:59.0120 0x0b40  Number of processors: 2
14:10:59.0120 0x0b40  Page size: 0x1000
14:10:59.0120 0x0b40  Boot type: Normal boot
14:10:59.0120 0x0b40  ============================================================
14:11:02.0646 0x0b40  KLMD registered as C:\windows\system32\drivers\63298535.sys
14:11:03.0130 0x0b40  System UUID: {F809E2EF-6ADE-A9BF-74CD-27EEA5C2D07B}
14:11:03.0769 0x0b40  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:11:03.0769 0x0b40  ============================================================
14:11:03.0769 0x0b40  \Device\Harddisk0\DR0:
14:11:03.0769 0x0b40  MBR partitions:
14:11:03.0769 0x0b40  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:11:03.0769 0x0b40  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
14:11:03.0800 0x0b40  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x21267800
14:11:03.0800 0x0b40  ============================================================
14:11:03.0832 0x0b40  C: <-> \Device\Harddisk0\DR0\Partition2
14:11:03.0863 0x0b40  D: <-> \Device\Harddisk0\DR0\Partition3
14:11:03.0863 0x0b40  ============================================================
14:11:03.0863 0x0b40  Initialize success
14:11:03.0863 0x0b40  ============================================================
14:11:38.0885 0x0db8  ============================================================
14:11:38.0885 0x0db8  Scan started
14:11:38.0885 0x0db8  Mode: Manual; SigCheck; TDLFS;
14:11:38.0885 0x0db8  ============================================================
14:11:38.0885 0x0db8  KSN ping started
14:11:52.0816 0x0db8  KSN ping finished: true
14:11:53.0440 0x0db8  ================ Scan system memory ========================
14:11:53.0440 0x0db8  System memory - ok
14:11:53.0440 0x0db8  ================ Scan services =============================
14:12:16.0933 0x0db8  Filetrace - ok
14:12:16.0949 0x0db8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
14:12:16.0965 0x0db8  flpydisk - ok
14:12:16.0980 0x0db8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
14:12:17.0011 0x0db8  FltMgr - ok
14:12:17.0074 0x0db8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
14:12:17.0152 0x0db8  FontCache - ok
14:12:17.0199 0x0db8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:12:17.0214 0x0db8  FontCache3.0.0.0 - ok
14:12:17.0230 0x0db8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
14:12:17.0245 0x0db8  FsDepends - ok
14:12:17.0292 0x0db8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
14:12:17.0292 0x0db8  Fs_Rec - ok
14:12:17.0339 0x0db8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
14:12:17.0370 0x0db8  fvevol - ok
14:12:17.0401 0x0db8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
14:12:17.0401 0x0db8  gagp30kx - ok
14:12:17.0464 0x0db8  [ 521A469CAF61F00E1DE081CC2099C1D6, 5BF39C9797A28674203D5C3D5D942978B9C66F658A43D7696B4BE3E8A7880EB9 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
14:12:17.0479 0x0db8  GameConsoleService - ok
14:12:17.0526 0x0db8  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
14:12:17.0526 0x0db8  GEARAspiWDM - ok
14:12:17.0589 0x0db8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
14:12:17.0682 0x0db8  gpsvc - ok
14:12:17.0713 0x0db8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
14:12:17.0745 0x0db8  hcw85cir - ok
14:12:17.0791 0x0db8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
14:12:17.0838 0x0db8  HdAudAddService - ok
14:12:17.0869 0x0db8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
14:12:17.0916 0x0db8  HDAudBus - ok
14:12:17.0932 0x0db8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
14:12:17.0963 0x0db8  HidBatt - ok
14:12:17.0979 0x0db8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
14:12:18.0010 0x0db8  HidBth - ok
14:12:18.0025 0x0db8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
14:12:18.0041 0x0db8  HidIr - ok
14:12:18.0057 0x0db8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\System32\hidserv.dll
14:12:18.0119 0x0db8  hidserv - ok
14:12:18.0166 0x0db8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
14:12:18.0181 0x0db8  HidUsb - ok
14:12:18.0228 0x0db8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
14:12:18.0275 0x0db8  hkmsvc - ok
14:12:18.0306 0x0db8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
14:12:18.0337 0x0db8  HomeGroupListener - ok
14:12:18.0369 0x0db8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
14:12:18.0400 0x0db8  HomeGroupProvider - ok
14:12:18.0447 0x0db8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
14:12:18.0462 0x0db8  HpSAMD - ok
14:12:18.0509 0x0db8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
14:12:18.0587 0x0db8  HTTP - ok
14:12:18.0618 0x0db8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
14:12:18.0634 0x0db8  hwpolicy - ok
14:12:18.0665 0x0db8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
14:12:18.0681 0x0db8  i8042prt - ok
14:12:18.0727 0x0db8  [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
14:12:18.0759 0x0db8  iaStor - ok
14:12:18.0790 0x0db8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
14:12:18.0821 0x0db8  iaStorV - ok
14:12:18.0837 0x0db8  [ FC47F5CF561BF0FD897EFD1A9604DCCF, C304737F78A772051993A68BB06F860733A8650013A46946A854E47C892C252E ] iBtFltCoex      C:\windows\system32\DRIVERS\iBtFltCoex.sys
14:12:18.0868 0x0db8  iBtFltCoex - ok
14:12:18.0946 0x0db8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:12:18.0993 0x0db8  idsvc - ok
14:12:19.0024 0x0db8  IEEtwCollectorService - ok
14:12:19.0492 0x0db8  [ 8CB8667F5A3B5515F2585F3254F3AAF7, 068E3E513AFF0ADAAB5EB5C019F13DD6D0BF4E8D69B98CFFCBA0368E04674CA8 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
14:12:20.0100 0x0db8  igfx - ok
14:12:20.0163 0x0db8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
14:12:20.0178 0x0db8  iirsp - ok
14:12:20.0225 0x0db8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
14:12:20.0303 0x0db8  IKEEXT - ok
14:12:20.0443 0x0db8  [ 65F70696BE5ABC11634FCF96AF7D7896, A1950B4A64B25E8F8FA3F905B61B8EE9FE448B8403D9A3632A7214F90276D17A ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
14:12:20.0537 0x0db8  IntcAzAudAddService - ok
14:12:20.0584 0x0db8  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
14:12:20.0646 0x0db8  IntcDAud - ok
14:12:20.0662 0x0db8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
14:12:20.0677 0x0db8  intelide - ok
14:12:20.0709 0x0db8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
14:12:20.0740 0x0db8  intelppm - ok
14:12:20.0787 0x0db8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
14:12:20.0818 0x0db8  IPBusEnum - ok
14:12:20.0849 0x0db8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
14:12:20.0896 0x0db8  IpFilterDriver - ok
14:12:20.0943 0x0db8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
14:12:21.0021 0x0db8  iphlpsvc - ok
14:12:21.0052 0x0db8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
14:12:21.0083 0x0db8  IPMIDRV - ok
14:12:21.0099 0x0db8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
14:12:21.0145 0x0db8  IPNAT - ok
14:12:21.0223 0x0db8  [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:12:21.0239 0x0db8  iPod Service - ok
14:12:21.0270 0x0db8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
14:12:21.0301 0x0db8  IRENUM - ok
14:12:21.0333 0x0db8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
14:12:21.0348 0x0db8  isapnp - ok
14:12:21.0379 0x0db8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
14:12:21.0395 0x0db8  iScsiPrt - ok
14:12:21.0411 0x0db8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
14:12:21.0426 0x0db8  kbdclass - ok
14:12:21.0442 0x0db8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
14:12:21.0473 0x0db8  kbdhid - ok
14:12:21.0504 0x0db8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\windows\system32\lsass.exe
14:12:21.0520 0x0db8  KeyIso - ok
14:12:21.0535 0x0db8  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
14:12:21.0551 0x0db8  KSecDD - ok
14:12:21.0567 0x0db8  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
14:12:21.0582 0x0db8  KSecPkg - ok
14:12:21.0613 0x0db8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
14:12:21.0660 0x0db8  ksthunk - ok
14:12:21.0691 0x0db8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
14:12:21.0769 0x0db8  KtmRm - ok
14:12:21.0816 0x0db8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
14:12:21.0879 0x0db8  LanmanServer - ok
14:12:21.0894 0x0db8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
14:12:21.0957 0x0db8  LanmanWorkstation - ok
14:12:22.0003 0x0db8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
14:12:22.0066 0x0db8  lltdio - ok
14:12:22.0113 0x0db8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
14:12:22.0175 0x0db8  lltdsvc - ok
14:12:22.0191 0x0db8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
14:12:22.0222 0x0db8  lmhosts - ok
14:12:22.0284 0x0db8  [ F4A17DCAB576267C85663E64F3ACE5A4, 6E1231740492480DB0ACD28BF7168547EA114037E3CF2F3869C5FADF3D859BAE ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:12:22.0300 0x0db8  LMS - ok
14:12:22.0331 0x0db8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
14:12:22.0347 0x0db8  LSI_FC - ok
14:12:22.0362 0x0db8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
14:12:22.0378 0x0db8  LSI_SAS - ok
14:12:22.0378 0x0db8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
14:12:22.0393 0x0db8  LSI_SAS2 - ok
14:12:22.0425 0x0db8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
14:12:22.0425 0x0db8  LSI_SCSI - ok
14:12:22.0471 0x0db8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
14:12:22.0518 0x0db8  luafv - ok
14:12:22.0565 0x0db8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
14:12:22.0581 0x0db8  Mcx2Svc - ok
14:12:22.0581 0x0db8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
14:12:22.0596 0x0db8  megasas - ok
14:12:22.0627 0x0db8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
14:12:22.0659 0x0db8  MegaSR - ok
14:12:22.0705 0x0db8  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
14:12:22.0721 0x0db8  MEIx64 - ok
14:12:22.0737 0x0db8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
14:12:22.0799 0x0db8  MMCSS - ok
14:12:22.0815 0x0db8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
14:12:22.0861 0x0db8  Modem - ok
14:12:22.0908 0x0db8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
14:12:22.0924 0x0db8  monitor - ok
14:12:22.0955 0x0db8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
14:12:22.0971 0x0db8  mouclass - ok
14:12:23.0002 0x0db8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
14:12:23.0017 0x0db8  mouhid - ok
14:12:23.0049 0x0db8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
14:12:23.0064 0x0db8  mountmgr - ok
14:12:23.0111 0x0db8  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:12:23.0127 0x0db8  MozillaMaintenance - ok
14:12:23.0189 0x0db8  [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
14:12:23.0220 0x0db8  MpFilter - ok
14:12:23.0236 0x0db8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
14:12:23.0251 0x0db8  mpio - ok
14:12:23.0267 0x0db8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
14:12:23.0314 0x0db8  mpsdrv - ok
14:12:23.0361 0x0db8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
14:12:23.0470 0x0db8  MpsSvc - ok
14:12:23.0501 0x0db8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
14:12:23.0517 0x0db8  MRxDAV - ok
14:12:23.0532 0x0db8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
14:12:23.0579 0x0db8  mrxsmb - ok
14:12:23.0610 0x0db8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
14:12:23.0626 0x0db8  mrxsmb10 - ok
14:12:23.0641 0x0db8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
14:12:23.0657 0x0db8  mrxsmb20 - ok
14:12:23.0688 0x0db8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
14:12:23.0704 0x0db8  msahci - ok
14:12:23.0735 0x0db8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
14:12:23.0751 0x0db8  msdsm - ok
14:12:23.0766 0x0db8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
14:12:23.0797 0x0db8  MSDTC - ok
14:12:23.0813 0x0db8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
14:12:23.0875 0x0db8  Msfs - ok
14:12:23.0922 0x0db8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
14:12:23.0969 0x0db8  mshidkmdf - ok
14:12:24.0000 0x0db8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
14:12:24.0000 0x0db8  msisadrv - ok
14:12:24.0031 0x0db8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
14:12:24.0094 0x0db8  MSiSCSI - ok
14:12:24.0094 0x0db8  msiserver - ok
14:12:24.0141 0x0db8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
14:12:24.0172 0x0db8  MSKSSRV - ok
14:12:24.0250 0x0db8  [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:12:24.0265 0x0db8  MsMpSvc - ok
14:12:24.0281 0x0db8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
14:12:24.0328 0x0db8  MSPCLOCK - ok
14:12:24.0359 0x0db8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
14:12:24.0406 0x0db8  MSPQM - ok
14:12:24.0421 0x0db8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
14:12:24.0453 0x0db8  MsRPC - ok
14:12:24.0468 0x0db8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
14:12:24.0484 0x0db8  mssmbios - ok
14:12:24.0515 0x0db8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
14:12:24.0546 0x0db8  MSTEE - ok
14:12:24.0562 0x0db8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
14:12:24.0577 0x0db8  MTConfig - ok
14:12:24.0609 0x0db8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
14:12:24.0624 0x0db8  Mup - ok
14:12:24.0655 0x0db8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
14:12:24.0718 0x0db8  napagent - ok
14:12:24.0796 0x0db8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
14:12:24.0843 0x0db8  NativeWifiP - ok
14:12:24.0905 0x0db8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
14:12:24.0967 0x0db8  NDIS - ok
14:12:25.0030 0x0db8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
14:12:25.0077 0x0db8  NdisCap - ok
14:12:25.0108 0x0db8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
14:12:25.0139 0x0db8  NdisTapi - ok
14:12:25.0155 0x0db8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
14:12:25.0217 0x0db8  Ndisuio - ok
14:12:25.0233 0x0db8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
14:12:25.0295 0x0db8  NdisWan - ok
14:12:25.0311 0x0db8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
14:12:25.0357 0x0db8  NDProxy - ok
14:12:25.0404 0x0db8  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\windows\system32\DRIVERS\netaapl64.sys
14:12:25.0435 0x0db8  Netaapl - ok
14:12:25.0451 0x0db8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
14:12:25.0513 0x0db8  NetBIOS - ok
14:12:25.0545 0x0db8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
14:12:25.0591 0x0db8  NetBT - ok
14:12:25.0623 0x0db8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\windows\system32\lsass.exe
14:12:25.0623 0x0db8  Netlogon - ok
14:12:25.0669 0x0db8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
14:12:25.0732 0x0db8  Netman - ok
14:12:25.0794 0x0db8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:12:25.0810 0x0db8  NetMsmqActivator - ok
14:12:25.0825 0x0db8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:12:25.0841 0x0db8  NetPipeActivator - ok
14:12:25.0888 0x0db8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
14:12:25.0981 0x0db8  netprofm - ok
14:12:25.0981 0x0db8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:12:25.0997 0x0db8  NetTcpActivator - ok
14:12:26.0013 0x0db8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:12:26.0028 0x0db8  NetTcpPortSharing - ok
14:12:26.0340 0x0db8  [ AC69618DE5BCCE8747C9AB0AAE1003C1, D975963FA338AB58684BE0556633F3A846D5360FAD1A5E11BB7A273474DFB64D ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
14:12:26.0746 0x0db8  NETwNs64 - ok
14:12:26.0808 0x0db8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
14:12:26.0824 0x0db8  nfrd960 - ok
14:12:26.0855 0x0db8  [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
14:12:26.0871 0x0db8  NisDrv - ok
14:12:26.0917 0x0db8  [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
14:12:26.0933 0x0db8  NisSrv - ok
14:12:26.0964 0x0db8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
14:12:27.0011 0x0db8  NlaSvc - ok
14:12:27.0011 0x0db8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
14:12:27.0058 0x0db8  Npfs - ok
14:12:27.0073 0x0db8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
14:12:27.0136 0x0db8  nsi - ok
14:12:27.0167 0x0db8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
14:12:27.0214 0x0db8  nsiproxy - ok
14:12:27.0307 0x0db8  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
14:12:27.0401 0x0db8  Ntfs - ok
14:12:27.0417 0x0db8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
14:12:27.0448 0x0db8  Null - ok
14:12:41.0971 0x0db8  WdiSystemHost - ok
14:12:42.0018 0x0db8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
14:12:42.0049 0x0db8  WebClient - ok
14:12:42.0081 0x0db8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
14:12:42.0143 0x0db8  Wecsvc - ok
14:12:42.0159 0x0db8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
14:12:42.0205 0x0db8  wercplsupport - ok
14:12:42.0237 0x0db8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
14:12:42.0268 0x0db8  WerSvc - ok
14:12:42.0299 0x0db8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
14:12:42.0346 0x0db8  WfpLwf - ok
14:12:42.0377 0x0db8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
14:12:42.0393 0x0db8  WIMMount - ok
14:12:42.0408 0x0db8  WinDefend - ok
14:12:42.0424 0x0db8  WinHttpAutoProxySvc - ok
14:12:42.0471 0x0db8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
14:12:42.0533 0x0db8  Winmgmt - ok
14:12:42.0627 0x0db8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
14:12:42.0767 0x0db8  WinRM - ok
14:12:42.0829 0x0db8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
14:12:42.0861 0x0db8  WinUsb - ok
14:12:42.0923 0x0db8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
14:12:43.0001 0x0db8  Wlansvc - ok
14:12:43.0173 0x0db8  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:12:43.0266 0x0db8  wlidsvc - ok
14:12:43.0282 0x0db8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
14:12:43.0297 0x0db8  WmiAcpi - ok
14:12:43.0329 0x0db8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
14:12:43.0360 0x0db8  wmiApSrv - ok
14:12:43.0391 0x0db8  WMPNetworkSvc - ok
14:12:43.0422 0x0db8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
14:12:43.0438 0x0db8  WPCSvc - ok
14:12:43.0453 0x0db8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
14:12:43.0485 0x0db8  WPDBusEnum - ok
14:12:43.0500 0x0db8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
14:12:43.0531 0x0db8  ws2ifsl - ok
14:12:43.0563 0x0db8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\system32\wscsvc.dll
14:12:43.0594 0x0db8  wscsvc - ok
14:12:43.0594 0x0db8  WSearch - ok
14:12:43.0719 0x0db8  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
14:12:43.0843 0x0db8  wuauserv - ok
14:12:43.0875 0x0db8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
14:12:43.0906 0x0db8  WudfPf - ok
14:12:43.0937 0x0db8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
14:12:43.0953 0x0db8  WUDFRd - ok
14:12:43.0968 0x0db8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
14:12:43.0984 0x0db8  wudfsvc - ok
14:12:44.0015 0x0db8  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\windows\System32\wwansvc.dll
14:12:44.0031 0x0db8  WwanSvc - ok
14:12:44.0124 0x0db8  [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
14:12:44.0155 0x0db8  YahooAUService - ok
14:12:44.0187 0x0db8  ================ Scan global ===============================
14:12:44.0218 0x0db8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
14:12:44.0249 0x0db8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
14:12:44.0265 0x0db8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
14:12:44.0296 0x0db8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
14:12:44.0327 0x0db8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
14:12:44.0343 0x0db8  [ Global ] - ok
14:12:44.0343 0x0db8  ================ Scan MBR ==================================
14:12:44.0358 0x0db8  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
14:12:44.0779 0x0db8  \Device\Harddisk0\DR0 - ok
14:12:44.0795 0x0db8  ================ Scan VBR ==================================
14:12:44.0826 0x0db8  [ CF683E1DBDAD90052A1A11DE8FEE45FD ] \Device\Harddisk0\DR0\Partition1
14:12:44.0826 0x0db8  \Device\Harddisk0\DR0\Partition1 - ok
14:12:44.0842 0x0db8  [ 3B2C2A9BCAD7024C84B9B1710BDAEDE9 ] \Device\Harddisk0\DR0\Partition2
14:12:44.0842 0x0db8  \Device\Harddisk0\DR0\Partition2 - ok
14:12:44.0857 0x0db8  [ 00B2499E294C1525FD9104BAF638CEFF ] \Device\Harddisk0\DR0\Partition3
14:12:44.0857 0x0db8  \Device\Harddisk0\DR0\Partition3 - ok
14:12:44.0857 0x0db8  Waiting for KSN requests completion. In queue: 64
14:12:45.0871 0x0db8  Waiting for KSN requests completion. In queue: 64
14:12:46.0885 0x0db8  Waiting for KSN requests completion. In queue: 64
14:12:47.0899 0x0db8  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
14:12:47.0915 0x0db8  Win FW state via NFP2: enabled
14:12:50.0832 0x0db8  ============================================================
14:12:50.0832 0x0db8  Scan finished
14:12:50.0832 0x0db8  ============================================================
14:12:50.0832 0x1424  Detected object count: 0
14:12:50.0832 0x1424  Actual detected object count: 0
14:14:20.0675 0x0ff8  Deinitialize success

aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-03 14:14:30
-----------------------------
14:14:30.371    OS Version: Windows x64 6.1.7601 Service Pack 1
14:14:30.371    Number of processors: 2 586 0x2A07
14:14:30.371    ComputerName: PAUL-LAPTOP  UserName: Paul
14:14:31.198    Initialize success
14:39:26.727    AVAST engine defs: 14010201
14:47:03.546    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:47:03.546    Disk 0 Vendor: ST950032 0004 Size: 476940MB BusType: 3
14:47:03.702    Disk 0 MBR read successfully
14:47:03.702    Disk 0 MBR scan
14:47:03.717    Disk 0 unknown MBR code
14:47:03.733    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:47:03.764    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       181248 MB offset 206848
14:47:03.795    Disk 0 Partition - 00     0F Extended LBA            271568 MB offset 371402752
14:47:03.826    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        24023 MB offset 927574016
14:47:03.889    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       271567 MB offset 371404800
14:47:04.029    Disk 0 scanning C:\windows\system32\drivers
14:47:52.062    Service scanning
14:48:27.912    Modules scanning
14:48:28.411    Disk 0 trace - called modules:
14:48:28.473    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:48:28.473    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800680a530]
14:48:28.489    3 CLASSPNP.SYS[fffff88001b8343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a44050]
14:48:29.300    AVAST engine scan C:\windows
14:48:36.694    AVAST engine scan C:\windows\system32
14:52:29.837    AVAST engine scan C:\windows\system32\drivers
14:53:13.813    AVAST engine scan C:\Users\Paul
14:54:57.444    File: C:\Users\Paul\AppData\Local\Temp\2ijkbq1k.x2i\mcyrsjdi.exe  **INFECTED** MSIL:Agent-ART [Trj]
14:54:57.600    File: C:\Users\Paul\AppData\Local\Temp\441xaokl.ujk\mcyrsjdi.exe  **INFECTED** MSIL:Agent-ART [Trj]
14:57:14.148    AVAST engine scan C:\ProgramData
15:02:34.822    Scan finished successfully
15:05:27.889    Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
15:05:27.920    The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (536 bytes)

Edited by niav, 03 January 2014 - 10:22 AM.


#11 niav
  • Topic Starter
  • Members
  • 33 posts

Posted 03 January 2014 - 10:28 AM

nasdaq, just to add that when I started the machine today, before I scanned using TDSSKiller and aswMBR, I got the popup to install RealPlayer that I mentioned previously. I force-closed the process afgytdrp_846732_setup.exe in C:\Users\Paul\AppData\Local\Temp using Task Manager. I don't know if this would have affected the detections by either of the tools. Thanks.


Edited by niav, 03 January 2014 - 10:28 AM.


#12 nasdaq
  • Malware Response Team
  • 38,764 posts
  • Location:Montreal, QC. Canada

Posted 03 January 2014 - 11:23 AM

Download Malwarebytes Anti-Rootkit. Follow the instructions on this page.

How to use Malwarebytes Anti-Rootkit to remove rootkits from a Computer.
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit/

Post the log for my review.

#13 niav
  • Topic Starter
  • Members
  • 33 posts

Posted 03 January 2014 - 12:14 PM

I used the up-to-date version from the Malwarebytes site. Here is the log:

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Paul :: PAUL-LAPTOP [administrator]

03/01/2014 16:32:25
mbar-log-2014-01-03 (16-32-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 260493
Time elapsed: 22 minute(s), 46 second(s)

Memory Processes Detected: 1
C:\Users\Paul\AppData\Local\Temp\2ijkbq1k.x2i\mcyrsjdi.exe (Adware.Agent) -> 332 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\Users\Paul\AppData\Local\Temp\2ijkbq1k.x2i\mcyrsjdi.exe (Adware.Agent) -> Delete on reboot.
C:\Windows\SysWOW64\rp.dll (Adware.Downloader) -> Delete on reboot.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_380096_setup.exe (Adware.GoOffer) -> Delete on reboot.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_846732_setup.exe (Adware.GoOffer) -> Delete on reboot.
C:\Users\Paul\AppData\Local\Temp\441xaokl.ujk\mcyrsjdi.exe (Adware.Agent) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Edited by niav, 03 January 2014 - 12:14 PM.


#14 nasdaq
  • Malware Response Team
  • 38,764 posts
  • Location:Montreal, QC. Canada

Posted 03 January 2014 - 01:41 PM

Looks like we got it.

How is the computer running now?

#15 niav
  • Topic Starter
  • Members
  • 33 posts

Posted 03 January 2014 - 02:04 PM

I think it is still there. After the Malwarebytes Anti-Rootkit reboot there are still files and folders being created in the \Temp folder: afgytdrp_840196_setup.exe and the folder nphttdub.ulw, which contains the malware mcyrsjdi.exe, were both created on that reboot. Worse still, I am now getting popups to back up my files, and the file BackupSetup.exe has appeared in \Temp. I do not know where it has come from. I did not download it and it was not there earlier.
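
The pattern niav reports across posts #10 to #15 is a fixed payload name (mcyrsjdi.exe) that keeps reappearing under a freshly generated random folder in %LOCALAPPDATA%\Temp after every "Delete on reboot" pass. The following Python triage helper is an added example for this thread; it is not part of the thread, of Malwarebytes or of AVAST aswMBR. It parses the two detection-line shapes visible in the posted MBAR and aswMBR logs, reports payload names seen under more than one random Temp folder, and lists the paths whose removal the scanner deferred to reboot. The regexes are written against the line shapes in the posted logs only, and the sample text inside the block is constructed and modelled on them.

```python
"""Triage helper for the two detection-line formats in the thread's logs.

Added example for this thread; not part of Malwarebytes, AVAST aswMBR or any
tool used above. Regexes follow the line shapes visible in the posted logs;
the sample text below is constructed and modelled on them.
"""
import re
from collections import defaultdict

# Malwarebytes (MBAM / MBAR) detection line:
#   <path> (<ThreatName>) [-> <pid>] -> <action>.
# <path> is a file path or a registry key (HKCR\..., HKLM\...).
MBAM_RE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:\\|HK[A-Z]+\\).+?) \((?P<threat>[^()]+)\) "
    r"(?:-> (?P<pid>\d+) )?-> (?P<action>[^.]+)\.$"
)

# aswMBR detection line:
#   HH:MM:SS.mmm    File: <path>  **INFECTED** <ThreatName>
ASWMBR_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File: (?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<threat>.+)$"
)

# Dropper layout seen in the thread: a random 8.3-style folder directly under
# %LOCALAPPDATA%\Temp (e.g. 2ijkbq1k.x2i) holding a fixed payload file name.
RANDOM_TEMP_DIR_RE = re.compile(
    r"\\AppData\\Local\\Temp\\(?P<dir>[a-z0-9]{8}\.[a-z0-9]{3})\\(?P<file>[^\\]+)$",
    re.IGNORECASE,
)


def parse_detections(log_text):
    """Return one dict per detection line, in log order; other lines are ignored."""
    detections = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = MBAM_RE.match(line)
        if m:
            detections.append({"source": "mbam", "path": m.group("path"),
                               "threat": m.group("threat"), "pid": m.group("pid"),
                               "action": m.group("action")})
            continue
        m = ASWMBR_RE.match(line)
        if m:
            detections.append({"source": "aswmbr", "path": m.group("path"),
                               "threat": m.group("threat").strip(), "pid": None,
                               "action": None})
    return detections


def recurring_payloads(detections):
    """Map payload file name -> sorted random Temp folders it was seen in.

    Only names seen under two or more distinct folders are returned: a fixed
    file name re-dropped under fresh random folders is the re-infection pattern
    the thread describes and points at a dropper still persisting on the box.
    """
    folders = defaultdict(set)
    for d in detections:
        m = RANDOM_TEMP_DIR_RE.search(d["path"])
        if m:
            folders[m.group("file").lower()].add(m.group("dir").lower())
    return {name: sorted(dirs) for name, dirs in folders.items() if len(dirs) > 1}


def pending_reboot_actions(detections):
    """Unique paths whose removal was deferred ('Delete on reboot', 'Replace on reboot').

    Anything in this list that is present again after the reboot was re-created
    by a component the scanner did not remove.
    """
    pending = {d["path"] for d in detections
               if d["action"] and d["action"].lower().endswith("on reboot")}
    return sorted(pending)


# Constructed sample modelled on the MBAR and aswMBR lines posted in the thread.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Users\Paul\AppData\Local\Temp\2ijkbq1k.x2i\mcyrsjdi.exe (Adware.Agent) -> 332 -> Delete on reboot.

Registry Keys Detected: 1
HKCR\CLSID\{11111111-1111-1111-1111-110311551110} (PUP.Optional.iWebar.A) -> Quarantined and deleted successfully.

Files Detected: 5
C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak (Unknown.Rootkit.Driver) -> Replace on reboot.
C:\Users\Paul\AppData\Local\Temp\2ijkbq1k.x2i\mcyrsjdi.exe (Adware.Agent) -> Delete on reboot.
C:\Windows\SysWOW64\rp.dll (Adware.Downloader) -> Delete on reboot.
C:\Users\Paul\AppData\Local\Temp\afgytdrp_846732_setup.exe (Adware.GoOffer) -> Delete on reboot.
C:\Users\Paul\AppData\Local\Temp\441xaokl.ujk\mcyrsjdi.exe (Adware.Agent) -> Delete on reboot.
14:54:57.444    File: C:\Users\Paul\AppData\Local\Temp\nphttdub.ulw\mcyrsjdi.exe  **INFECTED** MSIL:Agent-ART [Trj]
"""

if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    print(f"{len(dets)} detections parsed")
    for name, dirs in recurring_payloads(dets).items():
        print(f"re-dropped payload {name}: {', '.join(dirs)}")
    for path in pending_reboot_actions(dets):
        print(f"verify after reboot: {path}")
```

To run it against the real files, read mbar-log-*.txt and aswMBR.txt, concatenate the text and pass it to parse_detections. A payload that turns up under a new folder name after a "Delete on reboot" pass means the scanner removed a copy rather than the component that writes it, so the next step is the autostart locations (Run keys, scheduled tasks, services) rather than another scan of the same kind.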